IDC Report: Financial Services Organizations Suffer 10 DNS Attacks a Year

Kelvion New Plate Heat Exchanger

The 2019 Global DNS Threat Report, an annual study on DNS attacks commissioned by EfficientIP and conducted by IDC with 900 CISOs, CIOs, CTOs, IT Managers, Security Managers and Network Managers participating, has revealed that the financial services sector is the most targeted industry.

Financial services organizations experienced an average of ten attacks a year, a 37% increase from last year.

IDCIn addition, 47% of financial services organizations were subject to DNS-based phishing scams, according to the IDC report. Last year, a single DNS attack cost each financial services organization $924,390. This year the research shows that each organization on average spent $1,304,790 to restore services after each DNS attack, the most out of any sector and an eye-watering increase of 40%.

Rising costs is only one of the consequences DNS attacks caused for the financial services sector. The most common impacts included cloud service downtime, experienced by 45% of financial organizations, and in-house application downtime (68%).

Using Machine Learning

EfficientIP Just over 67% of financial organizations perform no DNS traffic analysis for their internal threat intelligence program, and 43% have adopted very little or no automation at all in their network security policy management. This would still leave the financial services sector vulnerable to DNS attacks, which appear to be on the rise. On the positive side, financial services organizations do see real value in using machine learning to bring predictive security into their capabilities. 90% of respondents see this as particularly useful for detecting unknown (‘zero-day’) malicious domains.

“Financial services organizations have always been the gate-keepers of customers’ money, providing vital services people expect to be able to use all day and night,” said David Williamson, CEO, EfficientIP. “With so much at stake, the networks of financial services organizations are a predictable, prime target for DNS attacks.”