The 2018 Global DNS Threat Report, shared by EfficientIP, specialists in network protection, revealed the financial services industry is the worst affected sector by DNS attacks, the type cyber attackers increasingly use to stealthily break into bank systems.
Last year, a single financial sector attack cost each organization $588,200. This year the research shows organizations spent $924,390, to restore services after each DNS attack, the most out of any sector and an annual increase of 57%.
The report also highlights financial organizations suffered an average of seven DNS attacks last year, with 19% attacked ten times or more in the last twelve months.
Rising costs are not the only consequences of DNS attacks. The most common impacts of DNS attacks are cloud service downtime, experienced by 43% of financial organizations, a compromised website (36%), and in-house application downtime (32%).
DNS attacks also cost financial institutions time. Second to the public sector, financial services take the longest to mitigate an attack, spending an average of seven hours. In the worst cases, some 5% of financial sector respondents spent 41 days just resolving impacts of their DNS attacks in 2017.
While 94% of financial organizations understand the criticality of having a secure DNS network for their business, overwhelming evidence from the survey shows they need to take more action. Failure to apply security patches in a timely manner is a major issue for organizations. EfficientIP’s 2018 Global DNS Threat Report reveals 72% of finance companies took three days or more to install a security patch on their systems, leaving them open to attacks.
David Williamson, CEO, EfficientIP, comments on the reasons behind the attacks. “The DNS threat landscape is continually evolving, impacting the financial sector in particular. This is because many financial organizations rely on security solutions which fail to combat specific DNS threats. Financial services increasingly operate online and rely on internet availability and the capacity to securely communicate information in real time. Therefore, network service continuity and security is a business imperative and a necessity.”