Akamai Diversity

The Akamai Blog

What a DDoS attack may be trying to hide

Earlier this month,  Akamai held its second annual Financial Services Security Roundtable in London. The session was hosted by one of our global banking customers, and attended by numerous banks from London and Ireland.

The meeting was held under Chatham House Rule, a well-known format in the UK, but not as well known in the U.S. and other regions.  Under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker or participants may be revealed.   The rule allows people to speak as individuals and encourages free discussion. As a result some very interesting information was shared.

One workshop attendee reported that their organization is under nearly continuous DDoS attack. This attendee estimated that 97 percent of the attacks against the bank are volumetric DDoS, while only three percent are logic attacks attempting to do something more malicious. This percentage of 'easy' attacks at first seemed surprisingly high to the others in the room, and that three percent seemed quite a reasonable number to handle. But when asked if the bank experiences attempted fraudulent money movement masked by the volumetric attacks, their answer was 'yes'. We hear frequently of such patterns by industry analysts and the publications covering the space. To hear it directly from a security executive at a bank is much more impactful.

Security information sharing within the banking industry is especially important. There are many established industry associations which allow this information sharing between the banks. But security vendors such as Akamai also have much to share, and those channels are not nearly as well developed. The channels between the vendor and banks must extend beyond the banks directly to the regulators. Regulators should open up to vendors to understand how the latest security innovations may help protect the banking industry.

Based on the success of our London event, Akamai is planning Financial Services Security Roundtables in cities across the U.S. and around the globe. If you are interested in attending or hosting one of our roundtables please let me (ribolstr@akamai.com) know. I look forward to meeting you there.

Rich Bolstridge is Akamai's Chief Strategist for the financial services industry