There is a looming threat to Philippine banks and financial institutions in the form of Distributed Denial of Service (DDoS) ― a type of cyber attack. Thus, the financial sector is being urged to strengthen its defenses against the brunt of digital crime.
Focus has been on the industry due to the increasing number of ATM skimming and online phishing incidents in the recent months, according to IPC (IP Converge Data Services, Inc.) and Nexusguard.
This year has seen a rise in the frequency, duration and potential damage from DDoS attacks. “Our data shows that up to one-third of DDoS attacks launched worldwide are directed at the financial sector. This includes banks, trade unions and the like,” said Donny Chong, Nexusguard Head of Products.
“This is a major threat especially now that most banks and financial institutions have already established an online presence ― many have launched websites that customers can access to conduct anything from simply checking their account balance to transferring funds from one account to another,” added Niňo Valmonte, IPC Director for Product Management & Marketing.
Chong warns against the financial impact of such attacks. “To put things in perspective, if a DDoS attack were to bring down the Philippine Stock Exchange (PSE), even if it is for a few hours during trading, the PSE would have to suspend all tradings for the day – that is more than US $220 million worth of trades on an average day,” Chong said.
Apart from incurring financial losses, companies are also at risk of sustaining other forms of damage. Valmonte notes, “Companies must understand that falling victim to these attacks will not only lead to financial implications, but may also tarnish their business’ reputation. Customers will have the perception that you’re not good enough to protect their interest. Also, losing data can leave your company open to lawsuits by clients whose private details were exposed because of an unmitigated attack.”
DDoS attacks happen when the target website is flooded by malicious traffic generated by infected systems called botnets, causing the targeted server to be overwhelmed with connections and crash, refusing new connections to be made. However, according to IPC and Nexusguard, unscrupulous individuals and groups have devised new strategies utilizing DDoS attacks. “Cybercriminals are now using DDoS attacks as an accessory to even bigger assaults such as illegal wire transfers and fraud,” said Chong.
For this reason, IPC and Nexusguard urge Philippine banks and financial firms to incorporate DDoS mitigation into their business continuity plans. “It pays to take a proactive stand when it comes to DDoS attacks. Never assume that your company is not a target. Getting caught with your defenses down can cost a company more than just money; it could very well cost it its very existence,” Valmonte said.
