Cybercriminals use distributed denial-of-service (DDoS) attacks to disrupt a machine or network’s online services by overwhelming it with high-volume traffic. For credit unions, DDoS attacks are dangerous distractions that hide fraud, aid in the installment of malware and viruses, or open a breach to steal financial assets and member data. For the duration of the attack, online banking portals may be shut down, damaging member trust and the credit union’s reputation.
DDoS mitigation can be very expensive, but the damage a successful attack can inflict may be even more so. Credit unions need to consider what mitigation efforts they are adopting in 2019. Beyond implementing adequate internal security measures, there is a wealth of mitigation services and technology credit unions can choose from, whether it be partnering with a mitigation service provider, acquiring powerful premise-based appliances or using cloud services.
Web application firewalls (WAFs) protect against a number of cyberattacks, including DDoS, XSS, SQL injections and more. As the name suggests, this type of firewall is specially designed for web applications and detects malicious traffic in advance, acting as a frontline defense. WAFs have a reputation for being cost-effective and easy to customize and deploy, making them a safe bet for many organizations that are at risk for attack. However, they work best in a layered defense with other services, such as cloud- or appliance-based mitigation.
Cloud-based solutions offer many advantages for organizations that have applications hosted in the cloud (which cannot be protected by premise-based appliances). Cloud services are generally more affordable than appliance-based or hybrid models and come in the form of subscriptions rather than large upfront purchases. Cloud solutions also generally have more capacity to deal with larger attacks but come at the cost of fewer customization options for organizations.
Premise-based appliances are devices designed to work along with other channels of protection, such as firewalls. Appliances come with many benefits, such as giving organizations greater control over their DDoS protection, but they can lack capacity to deal with larger attacks, are cost-prohibitive and now are often used in conjunction with a mitigation provider or cloud service.
This option offers the best of both worlds for organizations who can afford it. A hybrid approach allows for an appliance to inspect traffic in real time and mitigate most attacks, while larger attacks may be diverted to a cloud scrubbing center.
At the end of the day, credit unions will have to choose what combination of mitigation services has the features they want and what works best with their existing processes.