During the COVID-19 pandemic, the financial sector has suffered the highest costs per DNS attack, compared to other industries. This was revealed in the 2021 Global DNS Threat Report, a study recently published by EfficientIP and the International Data Corporation (IDC). Damages in the financial services industry cost nearly $1.1 million per attack – whereas the average cost across all sectors is $950.000. While the average cost in the sector slightly declined compared to last year, organizations in the finance sector continue to be an attractive target for DNS attacks due to the high volume of sensitive customer and financial data.
The report found that 91% of financial institutions suffered from at least one DNS attack. Companies affected fell victim to an average of 8.3 attacks within the last 12 months, which is above the global average of 7.6. attacks. Surveyed institutions also reported it took 6.12 hours to mitigate each attack on average, which is higher than the all-industry average of 5.62 hours. Attacks on financial institutions not only hurt the companies that are being targeted by threat actors but have a wider implication for the economy and can therefore have a devastating negative impact.
The financial industry is the sector most likely to experience phishing attacks (55% of financial institutions) and DNS-based Malware (42%). Other notable DNS attack types reported were distributed denial-of-service (DDoS) attacks (35%), DNS tunnelling (30%), domain hijacking (30%) as well as Zero Day Vulnerabilities (26%).
Apart from high damage costs, the most common ramifications surveyed organizations reported were cloud service downtime (52%) and application downtime (52%), which can cause severe financial losses as they impede time-sensitive transactions in the more and more digitized finance ecosystem. Further, companies reported brand damage (23%), compromised websites (43%) and stolen customer information (24%) such as bank account details or credit card information. These effects can seriously undermine the trust in affected organizations by end users. Exfiltration of data via DNS is very common, and nearly always goes unnoticed by firewalls as they are incapable of performing the necessary context-aware analysis of traffic.
“The financial industry is one that has always been of particular interest to attackers. The sector forms one important pillar of the economy and therefore damages caused here, have vast consequences for many other sectors” says Norman Girard, CEO at EfficientIP. “Fortunately, the data also indicates that the industry is increasingly aware of the threat and is taking measures to improve its DNS security.”
According to the report, 78% of surveyed financial services institutions have turned to Zero Trust initiatives and are either planning, implementing or adopting them. 79% believe DNS domain deny-and-allow lists are highly valuable for Zero Trust, as they help control which users can access which apps. Furthermore, 55% of financial institutions have recognized the importance of DNS security for protecting remote workforces, a factor that has become especially prominent over the course of the pandemic.
It is also the industry most likely to consider implementing private DoH (DNS over HTTPS), with 56% of surveyed institutions affirming this (compared to 51% across sectors). A private DoH solution ensures all DNS traffic from users and devices uses the organization’s infrastructure, thus allowing for better security, filtering and observability. Like many other industries the financial sector believes in the critical role DNS security plays for its protection against attacks (77% of surveyed institutions agreed with this statement). This underlines the pivotal role DNS security plays and underlines it as one of the key investment areas within the financial sector to ensure secure and reliable operations.