Bank Cyber Attacks: Next steps for avoiding website outages and downtime
Summary: Despite banking industry efforts to prevent cyber attacks on banks, website outages and slowdowns have occurred on a broad scale in 2012. Moreover, its likely these denial of service (DDoS) cyber attacks on banks will continue in the future. Therefore, while prevention of cyber attacks on banks will continue to be a struggle, banks that most effectively respond to bank cyber attacks and website downtime from a “user’s perspective” will have the marketplace advantage. Moreover, a comprehensive responses to bank website outages requires an external-based “user experience” perspective. An external-based website monitoring service with financial industry expertise provides that outside perspective. As a result of external-based website monitoring, bank website administrators can quickly detect website performance issues and bank cyber attacks from a “user experience” perspective. Website administrators can also respond faster from a “user experience” because they receive alerts and diagnostic information at the time the cyber attack on banks is occurring, which helps to pinpoint the root cause of website issues. As a result, website administrators can quickly provide info to bank management as to the nature of the website issue, the Time-to-Repair (TTR) is reduced saving downtime costs, and the communication response to website users regarding the bank cyber attack and website outage is more effective – reducing the loss of customers.
Situation: When bank cyber attacks occur, fast efficient responses to website outages help avoid the loss of bank website customers
Several bank cyber attacks in late 2012 have resulted in “Website Down” messages and slow website load times including: Capital One Financial Corp., BB&T Corp., HSBC, PNC Financial, Wells Fargo Bank, JP Morgan, and Bank of America. In these cases, the bank outages have been due to denial of service DDoS attacks, which are relatively unsophisticated cyberattacks. However, due to their brute force nature, preventing a bank DDoS attack is difficult. Due the widespread bank website outages in 2012 many website users are growing numb to the inevitability of bank website outages, and instead expect faster communications around the outage itself from the banking institution.
Intermittent bank website downtime based on banking cyber attacks certainly seem likely in the future. A key strategy is mitigating the impact of the cyber attack on a bank by quickly detecting and responding to the bank cyber attack. Bank website administrators that quickly respond to bank cyber attacks and resulting website outages with clear customer messaging are perceived by customers to have a higher level of customer care and service. By focusing on mitigating the impact of cyber attacks on banks website administrators improve website outage Time-to-Repair (TTR) and can minimize the business impact of downtime to their customers and outflank the intentions of bank cyber attackers.
For more on the recent cyber attacks on banks see our posts, Update on U.S. Bancorp, PNC, Wells Fargo Outage: Reported Cyber Attack and PNC Financial: After the Website Outage, next steps.
Obstacle: Responding to bank cyber attacks and website outages from a “user’s experience” perspective requires an external-based monitoring
Round the clock detection and diagnosis of banking website issues (like DDoS bank cyber attacks) needs to be cost-effective and convenient. Moreover, accurately measuring a banking website’s “user experience” that includes network affects requires an external-based monitoring service with several capabilities. Monitoring of banking websites is most effective when it includes:
- Website uptime and server availability monitoring, as provided by ServerView Monitoring.
- Web application monitoring of logins and transaction functionality, as provided by UserView Monitoring.
- Page speed-based monitoring, as provided by BrowserView Monitoring.
Action: Implementing an external-based website monitoring service facilitates communications with banking website users users by quickly detecting, alerting, and diagnosing bank cyber attacks and website issues
A key response to DDoS attacks that most banks have put in place is external-based monitoring of websites. There are several types of website monitoring that help institutions better respond to bank cyber attacks.
- Website monitoring using HTTP/s detects (try a free test here) both a sudden server load due to mass cyber attacks on banks well as a gradual slowdowns of server performance due to a DDoS attack that is gradual in volume or is of a smaller scale.
- Website monitoring using actual browsers (try a free web page speed browser test here) detect sudden server loads at the bank home page similar to HTTP monitoring. Browser-driven monitoring also is uniquely capable of detecting issues of third-party page elements (security/trust seals, widgets, web applications, social media, etc…) served to the banking website. These third-party hosted elements may be experiencing DDoS attacks as well or (or other performance issue) separately from the bank website itself, but the fact that a third-party element is having problems can impact the banking website and will be detected.
- Web application monitoring of bank website logins, shopping carts and other customer-critical bank website “paths” (free preview and free trial here) will detect slowdowns due to bank cyber attacks and also problems with the application itself from the “user experience” perspective.
Result: The Aberdeen Group noted in a study that each 1-second delay in page speed reduces online conversions by 7%. The impact of downtime for a online banking website is at least that high. Completely preventing of bank website outages due to cyber attacks on banks is the ideal website administrators are working to achieve. However, if and until that ideal is reached, banks that employ a cost-effective means to respond quickly and efficiently to bank cyber attacks with fast detection, alerting, and diagnosis of website outages from a “user experience” perspective will have a marketplace advantage. Therefore, many banks use a trusted external-based website monitor solution for detecting server slowdowns, website performance, and web application functionality. In fact, Dotcom-Monitor website monitoring services grew out of the financial industry in the late 1990’s. Website monitoring is an important tool for banking website administrators tasked with the goal of avoiding the loss of banking customers due to bank cyber attacks and improving online customer service and revenues.