There are cybercriminal trends that, no matter how long they’ve been around or how much they are fought against, continue to top the list of attacks at a global level. This is why, even if the attempts to stop them make a little headway, the end balance seems to favor the cyberattackers.
There are also some sectors that are particularly susceptible to suffering the consequences of cybercrime. One such sector is finance, which, when facing a cyberattack, has to deal with economic and material losses, as well as damage to its reputation and brand, something that can come from its own customers.
One of the greatest threats to the financial sector is DNS cyberattacks. For proof of this, we need look no further than the 2019 Global DNS Threat Report. This is a survey of 904 organizations all over the world, carried out in the first half of 2019 to discover their situation with regard to cyberattacks and how they are affected by them.
88% suffer DNS attacks
The first figure from the report that needs to be highlighted offers an insight into the current situation: according to the survey, 88% of financial companies have suffered a DNS cyberattack in the last year. In fact, this isn’t a one-off; the companies surveyed state that they’ve suffered up to ten cyberattacks in just one year.
The impact of these incidents is serious: according to the financial companies surveyed, each cyberattack costs them around €1.16 million. The figure is striking in absolute terms, but much more so in relative terms: this is a 40% increase compared to 2018, when DNS cyberattacks cost these companies an average of €830,000.
The consequences of the attack
For a company that suffers a DNS cyberattack, there is a long list of consequences, which may get worse with time:
1.- Downtime. Any cyberattack of this kind can cause the company affected to suffer downtime. In this case, in fact, downtime will be double: internally, until the system is restored, and externally, until the company can restart its website to allow customers and users to access it normally.
2.- Economic damage. The economic damage suffered by these organizations doesn’t just come from repairing the system after the attack. In specific cases, they can be hit by sanctions for violating regulations such as the GDPR. If this is the case, they could have to face fines of up to €20 million or 4% of their annual turnover.
3.- Phishing. In many DNS attacks, one of the most common strategies followed by cyberattackers is to redirect the financial company’s URL to a new domain masquerading as the original. In these cases, the attacker will try to steal the user in question’s credentials in a phishing attack that could even lead to identity fraud.
4.- Reputational damage. Trust is a key pillar in the system, given that without it, economic agents would cease to carry out transactions among themselves. The loss of trust has caused bank runs leading to massive withdrawals of funds, with catastrophic ramifications for financial institutions and national economies. This is why reputation is an especially sensitive factor when it comes to financial institutions. Bearing in mind the fact that cyberattacks can cause serious reputational damage, cybersecurity must be one of the essential tools for protecting these entities.
A dangerous lack of protection
One could be forgiven for thinking that, given their size and the resources available to them, most financial entities would be able to properly protect their DNS, and that cyberattacks using this vector are the exception rather than the rule. The reality is, however, quite different. The report highlights the fact that 67% of the financial companies surveyed don’t analyze DNS traffic as part of their cybersecurity strategy. Among the multiple flanks where their IT security can be infringed, their DNS tends to be left unprotected.
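One form of DNS traffic analysis, aimed at the redirection described in point 3 above, is to compare the answers returned for the company's own names against a pinned baseline. The following is an added example, not taken from the report or from any vendor; the log format, the `bank.example` names and the address ranges are constructed for illustration.

```python
import ipaddress

# Constructed baseline: networks each monitored name is expected to resolve into.
# bank.example and the documentation address ranges are placeholders.
BASELINE = {
    "www.bank.example": [ipaddress.ip_network("192.0.2.0/28")],
    "login.bank.example": [ipaddress.ip_network("192.0.2.16/28"),
                           ipaddress.ip_network("2001:db8:10::/48")],
}

# Constructed resolver log lines: timestamp, client, qname, qtype, answer.
SAMPLE_LOG = """\
2019-06-03T09:00:01Z 10.0.0.5 www.bank.example. A 192.0.2.10
2019-06-03T09:00:02Z 10.0.0.7 LOGIN.bank.example. A 192.0.2.20
2019-06-03T09:00:04Z 10.0.0.7 login.bank.example. AAAA 2001:db8:10::5
2019-06-03T09:05:13Z 10.0.0.9 login.bank.example. A 203.0.113.66
2019-06-03T09:05:20Z 10.0.0.9 cdn.other.example. A 198.51.100.4
2019-06-03T09:06:00Z 10.0.0.5 www.bank.example. A not-an-ip
truncated line
"""

def find_unexpected_answers(log_text, baseline):
    """Return (timestamp, name, answer) for monitored names resolving off-baseline."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed or truncated records
        ts, _client, qname, qtype, answer = fields
        name = qname.rstrip(".").lower()  # DNS names are case-insensitive
        if name not in baseline or qtype not in ("A", "AAAA"):
            continue  # only address answers for names we own are checked
        try:
            addr = ipaddress.ip_address(answer)
        except ValueError:
            findings.append((ts, name, answer))  # flag rather than silently drop
            continue
        if not any(addr in net for net in baseline[name]):
            findings.append((ts, name, answer))
    return findings

if __name__ == "__main__":
    for ts, name, answer in find_unexpected_answers(SAMPLE_LOG, BASELINE):
        print(f"{ts} ALERT {name} resolved to unexpected {answer}")
```

The baseline has to be updated whenever hosting or CDN ranges change, otherwise legitimate migrations will alert.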
But what about financial companies that do fight to protect their DNS? The report draws two main conclusions regarding cybersecurity solutions:
- In light of the facts, traditional solutions are not effective enough, since the level of incidents is still very high.
- IDC states that many current cybersecurity solutions do not follow adequate update protocols. In an ever-changing environment where cyberattackers constantly renew their attack strategies, this constitutes a clear weakness.
It is therefore essential that DNS cybersecurity protection be both wide-ranging and kept up to date. An optimal response is Cytomic’s advanced security solutions, which include EPP and EDR capabilities. With Cytomic EDR, organizations can efficiently detect and respond to any kind of unknown malware, thanks to the Zero-Trust App Service, which stops anything from running until it can be classified as trusted. Cytomic EPDR, for its part, combines these EDR capabilities with endpoint protection capabilities, which cover computers, servers, digital environments, and mobile devices, thus reducing the attack surface of all of these elements. This way, these entities will have the level of cybersecurity that they need to deal with both known and newly created threats across their whole environment.