They're also turning to the Financial Services Information Sharing and Analysis Center for support and to share information about threats.
"In some of these information-sharing meetings, the [big] banks are very open when it comes to talking about the types of attacks underway and the solutions they put into place that proved effective. In that way, the large banks have at least been talking with each other," says Rich Bolstridge, chief strategist of financial services at Akamai Technologies.
The financial sector's strategy is one that could and should be adopted elsewhere, regardless of industry.
5. Have your playbook ready
Organizations must try to anticipate the applications and network services adversaries will target and draft an emergency response plan to mitigate those attacks.
"Enterprises are paying more attention to these attacks and planning how they'll respond. And they're getting better at assembling their own internal attack information as well as the information their vendors are providing them to help fight these attacks," says Tsantes.
IBM's Price agrees. "Organizations are getting better at response. They're integrating their internal applications and networking teams, and they know when the attack response needs to be escalated so that they aren't caught off guard. So as attackers are becoming much more sophisticated, so are the financial institutions," she says.
Now that many larger financial institutions have hardened their DDoS defenses, observers are concerned that attackers will broaden their nets to include smaller banks, credit unions and even other industries.
"The one good thing about these rounds of attacks is that they've caught the attention of management at regional banks, and they're asking about what needs to be done so that the organization is best prepared," says the IT security officer at a regional bank in the mid-Atlantic.
"Many smaller banks are gearing up as a result of watching the larger institutions being attacked. They see that they too can be victims, and they're choosing to be proactive," says Bolstridge.
For most, explains Price, that means increased reliance on service providers and managed security services providers.
"They're having their systems assessed for resiliency, and they're making sure that their service providers are prepared for potential attacks and that they also have adequate protection in place," she says.
6. Watch out for secondary attacks
As costly as these attacks can be, they may sometimes be little more than a distraction to provide cover for an even more nefarious attack.
"DDoS can be a diversion tactic for more serious attacks coming in from another direction. Banks need to be aware that they have to not only be monitoring for and defending the DDoS attack, but they also have to have an eye on the notion that the DDoS may only be one aspect of a multifaceted attack, perhaps to steal account or other sensitive information," Price says.
7. Be worried, even if you're not a bank
Although recent attacks have been concentrated on financial institutions, experts are concerned about industry crossover.
"We don't want to see this level of attacks cross over into healthcare and other industry segments. They're not as well equipped because they don't necessarily consider themselves a target," says Bolstridge. "It'd be some good news if others looked at this as a wake-up call and took a good assessment of their risk."
Sharing information is an essential part of that. "The attackers certainly share their information with each other. And really, only the first attacker has to be smart. Beyond that its just implementing software for everyone," he says.
The good guys should take a page from that playbook.
George V. Hulme is a freelance writer based in Minnesota. Follow him on Twitter: @georgevhulme.