During the COVID-19 pandemic, the financial sector suffered the highest costs per DNS attack, compared to other industries.
Damages in the financial services industry cost nearly $1.1 million per attack – whereas the average cost across all sectors is $950.000, a 2021 Global DNS Threat Report published by EfficientIP and IDC found.
While the average cost in the sector slightly declined compared to last year, organisations in the finance sector continue to be an attractive target for DNS attacks due to the high volume of sensitive customer and financial data.
The majority or 91% of financial institutions suffered at least one DNS attack. Companies affected fell victim to an average of 8.3 attacks within the last 12 months, above the global average of 7.6. attacks. Surveyed institutions also reported it took 6.12 hours to mitigate each attack on average, higher than the all-industry average of 5.62 hours.
“The financial industry is one that has always been of particular interest to attackers. The sector forms one important pillar of the economy and therefore damages caused here can have vast consequences for many other sectors” said Norman Girard, CEO at EfficientIP.
“It is likely that we will continue to see an increase in cyber attacks on financial sectors and services in the coming months if proper preventive measures are not put in place. There are constant attempts by malicious actors to breach such high-value targets not just in Asia but all over the world during the adaptation to Covid-19,” said Girard, answering queries from IT News Asia on the DNS study.
Why is APAC now more vulnerable?
Across all verticals, the data indicates that the APAC region experienced the highest increase in cost per attack, up 15% from 2020.
An already rapidly moving digitalisation push was further sped up by the pandemic as many businesses and people were forced to move online. This placed additional strain on the digital security landscape, which was not able to develop in tandem with the digitalisation push.
As of May 2021, the APAC region was experiencing a 186% year on year increase in cyber attacks.
The Indonesian financial sector announced cyber vulnerability earlier in the year on phishing attacks among large financial institutes when the country became one of the targets for cybercriminals. The incident found over 2 million Indonesian bank customers to be at risk for financial information and crucial personal data breach.
Malaysia also saw a growing number of DNS-based malware attacks that put not just banks at risk for cyber attacks but also insurance companies, money lender institutions and brokers.
Girard said the region is particularly vulnerable to cyber attacks due to the rapid digitalisation of the region. Regulations and protective measures are usually created retroactively instead of proactively in many countries leading to a greater chance of cyber attacks occurring.
DNS attacks have negative consequences to activities in the finance industry including cloud service and application downtime.
“Cloud service and application downtimes are two other related issues that may arise due to the denial of service and are problematic in the event of time-sensitive transaction,” said Girard.
“There would not only be monetary repercussions to the service provider, but also a loss of trust in the service provider which could ultimately harm their business.”
Furthermore, he said DNS attacks may also be used to exfiltrate personal data, and in the financial sector, such sensitive data of credit card and banking information. This could potentially contribute to more forms of fraud taking place with the data that had been extracted, contributing to a spillover effect.
The region is particularly vulnerable to cyber attacks due to the rapid digitalisation of the region. Regulations and protective measures are usually created retroactively instead of proactively in many countries leading to a greater chance of cyber attacks occurring.
- Norman Girard, CEO at EfficientIP
Fortunately the industry is not sitting back
“Our DNS Threat Report findings also points that the industry is aware of potential threats and are working to implement tools to strengthen their security,” said Girard.
For example, key financial organisations and service sectors in Southeast Asia including the Monetary Authority of Singapore (MAS) have already implemented more stringent risk management guidelines to minimise the chances of a cybersecurity breach occurring.
The DNS study said the industry is addressing the threat and considering implementing private DoH (DNS over HTTPS), with more than half or 56% of surveyed institutions affirming this (compared to 51% across sectors). A private DoH solution ensures all DNS traffic from users and devices uses the organization’s infrastructure, thus allowing for better security, filtering and observability.
About three-quarters or 78% of surveyed financial services institutions have turned to Zero Trust initiatives and are either planning, implementing or adopting them. Four in five institutions believe DNS domain deny-and-allow lists are highly valuable for Zero Trust, as they help control which users can access which apps.
“Filtering DNS queries at an individual client level offers the micro-segmentation required by zero trust strategies with respect to controlling which users are allowed to access which apps. This can potentially be done by creating multiple groups of users within the organization (HR, Accounting, IT etc..), and creating deny or allow lists of domains/apps,” said Girard.
“By mapping the groups to the domain/app lists, financial institutions can implement more granular security policies and significantly improve control over which user or device can access their infrastructure.”
The 2021 Global DNS Threat Report was conducted by IDC on behalf of EfficientIP with 1,114 organisations across the world and focussed on their experiences in 2020 amidst the global pandemic.