During the COVID-19 pandemic, the financial sector has suffered the highest costs per DNS attack, compared to other industries. This was revealed in the 2021 Global DNS Threat Report, a study recently published by EfficientIP and the International Data Corporation (IDC). Damages in the financial services industry cost nearly $1.1 million per attack – whereas the average cost across all sectors is $950.000. While the average cost in the sector slightly declined compared to last year, organisations in the finance sector continue to be an attractive target for DNS attacks due to the high volume of sensitive customer and financial data. Across all verticals, the data indicates that the APAC region experienced the highest increase in cost per attack, up 15% from last year.
The report found that 91% of financial institutions suffered from at least one DNS attack. Companies affected fell victim to an average of 8.3 attacks within the last 12 months, which is above the global average of 7.6. attacks. Surveyed institutions also reported it took 6.12 hours to mitigate each attack on average, which is higher than the all-industry average of 5.62 hours. Attacks on financial institutions not only hurt the companies that are being targeted by threat actors but have a wider implication for the economy and can therefore have a devastating negative impact.
The financial industry is the sector most likely to experience phishing attacks (55% of financial institutions) and DNS-based Malware (42%). The Indonesian financial sector announced cyber vulnerability earlier in the year on phishing attacks among large financial institutes when the country became one of the targets for cybercriminals. The incident found over 2 million Indonesian bank customers to be at risk for financial information and crucial personal data breach. Other countries in the region such as Malaysia also saw a growing number of DNS-based malware attacks that put not just banks at risk for cyberattacks but also insurance companies, money lender institutions and brokers. Other notable DNS attack types reported were distributed denial-of-service (DDoS) attacks (35%), DNS tunnelling (30%), domain hijacking (30%) as well as Zero Day Vulnerabilities (26%).
Apart from high damage costs, the most common ramifications surveyed organisations reported were cloud service downtime (52%) and application downtime (52%), which can cause severe financial losses as they impede time-sensitive transactions in the more and more digitised finance ecosystem. Further, companies reported brand damage (23%), compromised websites (43%) and stolen customer information (24%) such as bank account details or credit card information. These effects can seriously undermine the trust in affected organisations by end users. Exfiltration of data via DNS is very common, and nearly always goes unnoticed by firewalls as they are incapable of performing the necessary context-aware analysis of traffic.
“The financial industry is one that has always been of particular interest to attackers. The sector forms one important pillar of the economy and therefore damages caused here, have vast consequences for many other sectors” says Norman Girard, CEO at EfficientIP. “Fortunately, the data also indicates that the industry is increasingly aware of the threat and is taking measures to improve its DNS security.”
According to the report, 78% of surveyed financial services institutions have turned to Zero Trust initiatives and are either planning, implementing or adopting them. 79% believe DNS domain deny-and-allow lists are highly valuable for Zero Trust, as they help control which users can access which apps. Furthermore, 55% of financial institutions have recognised the importance of DNS security for protecting remote workforces, a factor that has become especially prominent over the course of the pandemic. Key financial organisations and service sectors in Southeast Asia including the Monetary Authority of Singapore (MAS) have already implemented more stringent risk management guidelines to minimise the chances of a cybersecurity breach occurring. It is also the industry most likely to consider implementing private DoH (DNS over HTTPS), with 56% of surveyed institutions affirming this (compared to 51% across sectors). A private DoH solution ensures all DNS traffic from users and devices uses the organisation’s infrastructure, thus allowing for better security, filtering and observability. Like many other industries the financial sector believes in the critical role DNS security plays for its protection against attacks (77% of surveyed institutions agreed with this statement). This underlines the pivotal role DNS security plays and underlines it as one of the key investment areas within the financial sector to ensure secure and reliable operations.
For more on the impact of DNS attacks on the financial sector and how companies can protect themselves, please read the full report. The 2021 Global DNS Threat Report is available online at https://www.efficientip.com/resources/idc-dns-threat-report-2021/.