Financial Services Worst Affected Sector for DNS Attacks

Failure to apply security patches in a timely manner is a major issue for organizations.


The financial services industry is the worst affected sector for domain name system attacks, which cyberattackers increasingly use to break into banking systems, costing finservs more than 900 grand to restore services.

West Chester, Pa.-based network automation and security company EfficientIP revealed in its “2018 Global DNS Threat Report” that last year a single financial sector attack cost each organization $588,200. This year’s cost, $924,390, represented an annual increase of 57%.

The report also found that financial organizations suffered an average of seven DNS attacks last year, with 19% attacked ten times or more in the last twelve months. The most common effects of DNS attacks are cloud service downtime, experienced by 43% of financial organizations, compromised websites (36%), and in-house application downtime (32%).

Second to the public sector, financial services also take the longest to mitigate an attack, spending an average of seven hours. In the worst cases, some 5% of financial sector respondents spent 41 days just resolving consequences of their DNS attacks in 2017.

While 94% of financial organizations comprehend the criticality of having a secure DNS network, overwhelming evidence from the survey shows they need to take more action. Failure to apply security patches in a timely manner is a major issue for organizations. EfficientIP’s 2018 Global DNS Threat Report revealed 72% of finance companies took three days or more to install a security patch on their systems, leaving them open to attacks.

“The DNS threat landscape is continually evolving, impacting the financial sector in particular,” David Williamson, CEO, EfficientIP, said. “This is because many financial organizations rely on security solutions which fail to combat specific DNS threats.” He noted finservs increasingly operate online and rely on internet availability and the capacity to securely communicate information in real time. “Therefore, network service continuity and security are a business imperative and a necessity.”

EfficientIP recommends five best practices:

  1. Enhance threat intelligence on domain reputation with data feeds that provide threat insight from global traffic analysis. This protects users from internal/external attacks by blocking malware activity and mitigating data exfiltration attempts.
  2. Augment threat visibility using real-time, context-aware DNS transaction analytics for behavioral threat detection. Businesses can detect all threat types, and prevent data theft to help meet regulatory compliance such as Europe’s GDPR and the U.S.’s CLOUD Act.
  3. Apply adaptive countermeasures relevant to threats. This ensures business continuity, even when the attack source is unidentifiable, and practically eliminates the risk of blocking legitimate users.
  4. Harden security for cloud/next-gen datacenters with a purpose-built DNS security solution, overcoming limitations of solutions from cloud providers. This ensures continued access to cloud services and apps, and protects against exfiltration of cloud-stored data.
  5. Incorporate DNS into a global network security solution to recognize unusual or malicious activity and inform the broader security ecosystem. This allows holistic network security to address growing network risks and protect against the lateral movement of threats.

The survey for the report was conducted by Coleman Parkes from January to April 2018. The results are based on 1,000 respondents in three regions: North America, Europe and Asia Pacific. Respondents included CISOs, CIOs, CTOs, IT Managers, Security Managers and Network Managers. Financial sector organizations comprised 14% of the entire survey base.