- This indicates that institutions like banks are spending up to $13 million per year.
- In 2017, financial services were paying $924,390 for a single DNS attack.
DNS-based attacks are on the rise as organizations continue to use the traditional firewalls. This has not just impacted the operation of businesses but has also increased the average cost of expenditure to mitigate such situations.
What is the new cost?
In the ‘2019 Global DNS threat Report’, analysts from EfficientIP have revealed that on average, companies are suffering nearly 10 attacks a year. As a result, this has forced the companies to spend an average of around $1.3 million to restore services after each DNS attack.
This indicates that institutions like banks are spending up to $13 million per year - which is an increase of 40 percent - to address DNS attacks.
In 2017, financial services were paying $924,390 for a single DNS attack.
Why financial services?
Financial services hold a vast trove of personal and payment data of customers, including money. With so much as stake, the networks of financial organizations are a predictable prime target for DNS attacks.
"Financial services organizations have always been the gatekeepers of customers' money, providing vital services people expect to be able to use all day and night," said David Williamson, CEO of EfficientIP.
What is a DNS attack?
The Domain Name System (DNS), basically referred to as the internet’s phone book, converts domain names into IP addresses.
Hackers exploit the DNS for two purposes:
- To redirect victims to a legitimate-looking fake website that harvest their data in phishing attacks;
- To disrupt companies’ access to their own applications or website and cause downtime. In some cases, hackers often demand a ransom to return the connection.
Security lags are still prominent
While 65% of financial organizations surveyed are either already using or planning to incorporate zero trust architecture, there are still over 67% that that did not perform any DNS traffic analysis for their internal threat intelligence program. Around 43% have adopted very little or no automation in their network security policy management.