Guest: Steve Winterfeld (LinkedIn)
Company: Akamai
Show Name: CISO Insights
Topics: Cybersecurity, Cloud Security

Distributed Denial of Service (DDoS) attacks are making a fierce comeback, and this time, the scale and velocity are unlike anything we’ve seen before. In this episode, Steve Winterfeld, Advisory CISO at Akamai, discussed the company’s ongoing collaboration with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and what their joint annual report reveals about the changing threat landscape.

The FS-ISAC, representing over 5,000 financial institutions worldwide, is a global hub where banks and trading houses share real-time intelligence to strengthen collective cybersecurity. Akamai, a founding partner in FS-ISAC’s critical provider program, contributes an unmatched level of visibility into DDoS activity. With protection spanning more than 400 banks globally, Akamai collects and analyzes vast amounts of data to detect and understand emerging threats.

Winterfeld explained that while DDoS attacks have always been a persistent issue, the nature of these attacks has shifted. A few years ago, the focus was on multi-vector complexity — attackers deploying several types of attacks simultaneously to overwhelm defenses. Today, the emphasis has moved back to sheer scale. “Instead of testing if you can handle multiple types of attacks at once, they’re testing if you can handle the new peak of volume,” he noted.

This escalation in attack volume means that traditional defenses — particularly those designed for moderate traffic surges — are being pushed to their limits. Organizations that rely solely on ISPs or outdated filtering solutions may find themselves exposed. Winterfeld encourages companies to look at the reported record-breaking attack sizes and compare them against their own protection thresholds. “You want to make sure your customers always have access,” he said. “If your provider can’t absorb the traffic, you’re at risk of downtime.”

The financial services sector remains the most targeted, but the attacks are evolving in where they hit hardest. Application layer (Layer 7) and API attacks are on the rise, with Akamai reporting a 58% increase in API-based DDoS events. As more services shift to machine-to-machine communication, attackers follow — exploiting APIs as the new weak link in digital customer engagement.

Beyond pure cybercrime, Winterfeld also pointed to an emerging hybrid motivation: hacktivism tied to geopolitical conflict. Over the past three to five years, Akamai has seen growing evidence of politically motivated attacks, especially targeting European and Middle Eastern financial institutions. “The motivation is shifting from profit to politics,” he said.

The partnership between Akamai and FS-ISAC demonstrates how collaboration across the private sector can raise the collective defense bar. By sharing anonymized threat intelligence and data-driven insights, both organizations aim to equip banks and enterprises with actionable awareness — before the next record-breaking DDoS hits.