DNS based attacks hit 82% of companies, with financial services the worst hit

According to the latest IDC DNS Survey, 82% companies have experienced a domain name system (DNS) attack in the last year, while 63% of companies have suffered application downtime – costing an average of $1.07M every time. the report also revealed that the financial services industry is the most targeted sector.

These figures were revealed in 2019 Global DNS Threat Report: Understanding the Critical Role of DNS in Network Security Strategy, an IDC InfoBrief sponsored by EfficientIP, a network automation and security company.

The report highlights that the most targeted industry, with 88% attacks last year, is the Financial Services industry.

In order to increase Europe’s preparedness to ward off cyber incidents and to achieve consistent protection against cyberattacks across all member states, the EU adopted the Network and Information Security (NIS) Directive in August 2016. The NIS Directive is focused on the protection of essential services and digital services such as online marketplaces, online search engines, and cloud computing services. The initiative has a broad focus on protecting infrastructure, including physical assets, and there is a primary emphasis on resilience, incident management, and business continuity management.

GDPR regulation has been in force since May 2018. Important investments have been made by organizations in all countries, notably to strengthen network security defenses. As part of a security technology strategy, DNS traffic monitoring analysis is considered one of the most effective ways to protect data confidentiality.

Also, Organizations see a positive impact from GDPR legislation, feeling it will sustain the need to deploy stronger security defenses. Ongoing data privacy compliance initiatives strategies in other countries (CLOUD Act, NISD, PDPA, etc.) will also benefit.

DNS: A critical service for all businesses

By nature, DNS is an open service to the network, and its mission-critical role for routing application access makes it a primary attack vector and target for hackers. The spectrum of DNS attacks illustrates this fact; compared to last year, it is much broader as the percentage of each attack type suffered has significantly increased, from volumetric to low signal attacks.

From the findings in the report, it is evident that DNS is a critical service for all businesses, and warrants purpose-built security to protect users, apps and data on your network. The report had the following recommendations:

1. Implementing internal threat intelligence to protect your enterprise data and services.
2. Making use of DNS for ensuring security compliance.
3. Leveraging DNS’s unique traffic visibility in your network security ecosystem to help SOCs accelerate remediation.

The full report can be downloaded here.

Prem Khatri – Vice President of Operations, Chetu, Inc. wrote in an article on The Global Treasurer last month: “The banking sector has been under attack for hundreds of years. First, it was the physical theft of monies. Then it was computer fraud. Today, it’s not only cyber fraud but hacks into servers to obtain a customer’s personally identifiable information (PII). Hence, the reason why cyber security in banking is of utmost importance.”