Four out of five financial organizations experienced a DNS attack last year, according to IDC 2020 Global DNS Threat Report
59% of Financial Services companies suffered application downtime as a result of a DNS attack
WEST CHESTER, Pa.--(BUSINESS WIRE)--EfficientIP, a leading specialist in DNS security for service continuity, user protection and data confidentiality, revealed today that organizations in the financial services sector suffer the highest cost per DNS attack, compared to organizations in other industries. Financial services respondents to the 2020 Global DNS Threat Report experienced DNS attacks that cost on average $1.275 million per attack, compared to $924,000 per attack across all sectors. While overall costs for DNS attacks in the financial sector have slightly gone down in the past year, financial organizations continue to be an attractive target for DNS attacks.
With 900 respondents from nine countries across North America, Europe and Asia, the report found that nearly four out of five organizations (79%) experienced DNS attacks. The Report demonstrates that financial institutions, on average, are victims of more than 10 attacks each year, indicating hackers’ preference to reach high value targets connected to the broader economy and sensitive customer data. In addition, attackers appear to favor DNS-based malware (42%) and phishing attacks (38%), with DDoS not far behind at 33%.
Next to high damage costs, the most common ramifications included in-house application downtime, experienced by nearly 60% of organizations, and cloud service downtime, experienced by 53% of financial services organizations and up 8% from last year. Apart from the financial implications and severe brand damage caused, the effect on end user experience is likely to be of great concern to Financial Service executives. As is the potential theft of highly sensitive data, such as credit card numbers and bank account details. To mitigate effects, 58% of respondents shut down specific affected processes and connections and 49% disabled the affected applications.
In light of these worrying numbers, awareness of how to combat these attacks is improving: 85% of financial services respondents in the 2020 Threat Report deemed DNS security a critical component of their network architecture, compared to 77% across industries. Additionally, use of Zero Trust strategies is maturing: 78 % of companies in the sector are now running, piloting or planning Zero Trust, up from 65% last year.
David Williamson, CEO, EfficientIP, commented: “The data held by banks and other financial institutions is valuable; it is used in particular to understand and analyze the needs of customers and contains a lot of highly sensitive private information. This makes the financial sector, which is closely interconnected with the rest of the economy, particularly attractive to hackers. Indeed, a successful DNS attack on a large U.S. or European bank could likely have a great ripple effect on the global financial system.”
DNS security must be an investment priority for financial institutions. While a “Zero Trust” strategy is particularly effective, companies can also make better use of threat intelligence and User Behavioral Analytics, to enhance attack protection capacity. A DNS security solution can feed SIEMs (Security Information and Event Management) and SOCs (Security Operations Centers) with actionable data & events, thus simplifying and accelerating detection and remediation.
The full 2020 Global DNS Threat Report is available online. Read the full report here: https://www.efficientip.com/resources/idc-dns-threat-report-2020/
NOTE TO EDITORS
The research was conducted by IDC from January to April 2020. The data collected represents respondents' experience for the previous year. The results are based on 900 respondents in three regions - North America, Europe and Asia Pacific. Respondents included CISOs, CIOs, CTOs, IT Managers, Security Managers and Network Managers.
EfficientIP is a network automation and security company, specializing in DNS-DHCP-IPAM solutions (DDI), with the goal of helping organizations worldwide drive business efficiency through agile, secure and reliable infrastructure foundations. We enable IP communication and simplify network management with end-to-end visibility and smart automation, while our patented technology secures DNS services to safeguard data and ensure application access. Companies in all sectors rely on our offerings to face the challenges of key IT initiatives such as cloud applications and mobility. For further information, please visit: www.efficientip.com
APCO Worldwide for EfficientIP