DNS security risk for financial institutions

By Ronan David, EfficientIP

The financial services industry has a target on its back. Not from the typical regulatory or compliance issues, or even actual business performance. In this case, the focus is on the fact that these companies are hosting the personal and financial data of millions of people, and they are vulnerable.


Weak security is to blame, particularly at the Domain Name System (DNS) level, an easy entry point into a business network. According to IDC’s 2019 Global DNS Threat Report, financial services was the most besieged of any industry. A whopping 88% of institutions experienced under-the-radar cyberattacks at the DNS level in the past 12 months.

The average financial services company experienced 10 attacks per year, a 37% increase from 2018. A major cause of the breaches was DNS-based phishing scams, with almost half (47%) of firms falling prey. This means hackers aren’t just relying on weakness within the network to penetrate an organization, but also preying on vulnerable users.

As a result, these businesses are spending big to fix the damage – on average $1.3 million per attack to remediate. A single DNS attack cost each organization almost one million dollars ($924,390 to be exact). It’s obvious why this industry is a target and sweet spot – access to finances and personal information is so readily available. It’s a hacker’s dream.

Where are financial institutions failing in security?

Shouldn’t these be the most bulletproof businesses in the world? One would think, but there is much to be done. Managing a cyber threat before it reaches the intended source does not appear to be a priority, so financial firms are falling down in two main areas:

  1. Lack of adoption of network automation. Many financial services organizations have failed to adopt network automation for their security policy management. Created as a safeguard to stop the spread of attacks, systems that stop and block are designed to quarantine and then eradicate any suspicious activity before it spreads. According to the research, 43% of large financial institutions have very little to no automation in their security policy.
  2. Slow to move on Zero Trust architecture. Zero Trust is a concept in which an organization adopts the philosophy of ‘nothing inside or outside the business can or should be trusted.’ So, everything must be verified before it has access. The good news is that 65% of financial organizations are either now using or plan to use Zero Trust, but they still seem to be behind the curve when it comes to DNS.

    For example, very few are using analytics to enhance overall network security. Over 67% perform no DNS traffic analysis for their internal threat intelligence program, and 43% have adopted very little or no automation at all in their network security policy management. This leaves the sector incredibly vulnerable to attacks.

The real question businesses need to ask themselves is when is enough, enough?

What’s at stake?


Companies need to put plans in place to make changes. Now. Especially since the consequences continue to get scarier. It isn’t just the loss of funds that is at stake. There are many other detrimental effects such as cloud-service downtime, which was experienced by 45% of organizations, as well as in-house application downtime (68%), both of which slow down a business while at the same time putting it at risk.

We all remember the Equifax breach. In the summer of 2019, the company agreed to pay $575 million in fines (which could go as high as $700 million) in a settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau (CFPB), and all 50 US states and territories. The fine was explicitly tied to the company’s “failure to take reasonable steps to secure its network.” 

Equifax should be the exception, not the rule. Amplifying security measures for financial services organizations is a business imperative and, as research shows, it starts at the DNS level by keeping hackers at bay and preventing services from halting. Without it, this industry can cave in on itself.

Financial services companies need to practice what they preach. Consumers trust them to be reliable gatekeepers for their money and personal data. The sector needs to step up to the plate now and be the gatekeeper for its own security.

Ronan David, VP Strategy, EfficientIP

Ronan David is Vice President of Strategy for EfficientIP, where he develops the strategic direction of the company, which delivers fully integrated network security and automated solutions for DDI (DNS-DHCP-IPAM). He oversees EfficientIP’s customer and partner relationships and is also a technical advisor for key clients in finance, insurance, telecommunications, retail, transportation, and the public sector, driving solutions to improve network security, performance, and availability.