EfficientIP has published survey results that show that organizations in the financial services sector suffer the highest cost per DNS attack, compared to organizations in other industries. Financial services respondents to the 2020 Global DNS Threat Report survey experienced DNS attacks that cost on average $1.275 million per attack, compared to $924,000 per attack across all sectors. While overall costs for DNS attacks in the financial sector have slightly gone down in the past year, financial organizations continue to be an attractive target for DNS attacks.
With 900 respondents from nine countries across North America, Europe and Asia, the survey found that nearly four out of five organizations (79 percent) experienced DNS attacks. The Report demonstrates that financial institutions, on average, are victims of more than 10 attacks each year, indicating hackers’ preference to reach high value targets connected to the broader economy and sensitive customer data. In addition, attackers appear to use DNS-based malware (42 percent) and phishing attacks (38 percent), with DDoS not far behind at 33 percent.
Next to high damage costs, the most common ramifications included in-house application downtime, experienced by nearly 60 percent of organizations, and cloud service downtime, experienced by 53 percent of financial services organizations and up 8 percent from last year. Apart from the financial implications and severe brand damage caused, the effect on end user experience is likely to be of great concern to financial services sector executives. As is the potential theft of highly sensitive data, such as credit card numbers and bank account details. To mitigate effects, 58 percent of respondents shut down specific affected processes and connections and 49 percent disabled the affected applications.
In light of these worrying numbers, awareness of how to combat these attacks is improving: 85 percent of financial services respondents in the 2020 Threat Report deemed DNS security a critical component of their network architecture, compared to 77 percent across industries. Additionally, use of Zero Trust strategies is maturing: 78 percent of companies in the sector are now running, piloting or planning Zero Trust, up from 65 percent last year.