3 Ways Credit Unions Can Prepare for a Cyber Extortion



Distributed denial-of-service (DDoS) is a form of cyberattack where criminals attempt to disrupt a machine or network’s online services by overwhelming it with high-volume traffic. For credit unions, this means preventing members from conducting legitimate online transactions and creating a customer service debacle.

Credit unions should develop internal protocols as well as work with existing third-party technology vendors to proactively defend against and recover from cybersecurity threats, like DDoS attacks. Here are three steps that can help any financial institution prepare for a possible DDoS attack.

1. Create a recovery plan

As with many other cybersecurity threats, the first step many organizations take in protecting themselves against DDoS attacks is having a disaster response and recovery plan in place. This includes an inventory of technical competencies as well as a step-by-step outline for maintaining business continuity in the event of a successful attack. A recovery plan consists of three basic parts: risk analysis, strategy and recovery timeline.

Risk analysis

It is important to inventory the number of internet-dependent processes and services a credit union has. Where and what can fraudsters target? How would the network handle a DDoS attack if one happened right now? What options are available for response if an attack occurs?

Financial institutions may investigate partnering with a cybersecurity vendor for a detailed environment scan to search for weak spots and points where the network can be attacked, as well as a list of threats by priority. Common shortcomings include risk from backdoor access — either created intentionally or through malware — and threats that target third-party vendor services.


Strategy

This part of the recovery document will outline a process for the credit union to follow in case of a DDoS attack. It is important to lay out beforehand each employee’s role while responding to an incursion. A DDoS attack may affect many other parts of a credit union besides just the technology team. If a financial institution’s website and banking portal are down, marketing and communications should be agile enough to inform members as soon as the attack is detected. Customer service agents must be on hand to take any questions that members may have.

Recovery timeline

Credit unions need a response timeline in place before an attack occurs to establish what actions to take from the second a DDoS attack is detected. This timeline changes depending on what kind of DDoS mitigation tactics an organization deploys, but there will always be three phases: detection, response and recovery. Detection and response can either be handled by internal IT personnel or third-party mitigation services. Recovery, however, requires an all-hands-on-deck approach.

When an attack is over, and the network is available for use again, it may be unwise to allow members to connect all at once, further straining servers. Instead, consider a strategy that would slowly stagger the number of members using your services at any one time until things are back to normal.
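The staggered reconnection described above can be enforced with an admission gate whose concurrent-session limit rises over time. The following is an added example, not code from the original article; the class name, the linear ramp and the sample numbers (10 sessions, 2 initial slots, 10-minute ramp) are assumptions chosen for illustration.

```python
"""Staged re-admission gate for post-outage recovery (illustrative, hypothetical names)."""
from dataclasses import dataclass, field


@dataclass
class RampGate:
    full_capacity: int      # concurrent sessions the service handles normally
    initial_slots: int      # sessions allowed the moment service is restored
    ramp_seconds: float     # time taken to grow from initial_slots to full_capacity
    recovered_at: float     # timestamp at which the service came back
    active: set = field(default_factory=set)

    def cap(self, now: float) -> int:
        """Concurrent-session limit at time `now`, rising linearly (assumed policy)."""
        elapsed = max(0.0, now - self.recovered_at)
        progress = min(1.0, elapsed / self.ramp_seconds)
        extra = self.full_capacity - self.initial_slots
        return self.initial_slots + int(extra * progress)

    def admit(self, member_id: str, now: float) -> bool:
        """Admit a member if under the current cap; otherwise hold them back."""
        if member_id in self.active:
            return True         # existing session, do not count it twice
        if len(self.active) >= self.cap(now):
            return False        # caller shows a waiting page and a retry time
        self.active.add(member_id)
        return True

    def release(self, member_id: str) -> None:
        """Free a slot when a session ends."""
        self.active.discard(member_id)


def simulate(arrivals, gate):
    """Replay (time, member_id) arrivals; return the arrivals that were held back."""
    return [(now, member) for now, member in arrivals if not gate.admit(member, now)]


# Constructed sample: ten members all reconnect within seconds of recovery.
GATE = RampGate(full_capacity=10, initial_slots=2, ramp_seconds=600, recovered_at=0.0)
ARRIVALS = [(float(i), f"member-{i}") for i in range(10)]
HELD = simulate(ARRIVALS, GATE)

if __name__ == "__main__":
    print(f"held back during first seconds: {len(HELD)} of {len(ARRIVALS)}")
```

Held members should be given a waiting page or retry interval rather than an error, so that the communications and customer service roles laid out in the plan have a consistent message to give.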

2. Shore up mitigation

Banks and credit unions are favorite targets for cybercriminals and for DDoS attacks in particular, so it’s not news that cybersecurity is a priority budget item. According to Neustar, a technology company specializing in digital defence, more than 80 percent of companies are investing in greater DDoS mitigation. Their top motivations for doing so are preserving customer confidence and brand reputation, preventing ransomware and strengthening existing protection.

3. Ensure basic security needs are met

DDoS attacks are launched from networks of compromised computers and machines, commonly referred to as botnets. These “zombie” computers have been breached with malware, usually completely unknown to their owners, and can be directed by cybercriminals to participate in DDoS attacks or other illegal activities. Before organizations seek out preventative measures that deal directly with DDoS, they should ensure their basic security needs are met and their machines are protected.
