Finance firms faced up to £760,000 costs per DNS attack during pandemic

Financial services firms have been hit hardest by domain name system (DNS) cyber attacks during the Covid-19 pandemic, with the most expensive attacks costing an average of £750,000.

Figures from research firm IDC showed that during the pandemic, 91% of financial services companies across the world were hit by DNS attacks in the form of phishing, distributed denial of service (DDoS) and DNS-based malware.

According to the IDC 2021 Global DNS threat report, research carried out with network security company EfficientIP found that 52% of finance firms were hit by phishing attacks and 42% were hit by DNS-based malware.

Individually, financial services firms faced an average of 8.3 attacks each over the past 12 months, compared with the global average of 7.6 attacks. It took financial services companies more than six hours on average to mitigate attacks, compared with just over five and a half hours for companies across all sectors.

The biggest problems caused to them included cloud service and application downtime, which have high recovery costs and reputational damage associated with them.

“The financial industry is one that has always been of particular interest to attackers,” said Norman Girard, CEO at EfficientIP. “The sector forms one important pillar of the economy and therefore damage caused here has vast consequences for many other sectors. Fortunately, the data also indicates that the industry is increasingly aware of the threat and is taking measures to improve its DNS security.”

The survey found that 78% of financial services institutions have turned to zero-trust initiatives and are planning, implementing or adopting them. A zero-trust model is a security framework that fortifies the enterprise by removing implicit trust and enforcing strict user and device authentication throughout the network.

More than three-quarters of those surveyed (79%) said DNS domain deny-and-allow lists are highly valuable for zero trust, and 55% have recognised the importance of DNS security for protecting remote workforces, something highlighted during the pandemic.

The pandemic saw retailers and banks close physical centres to reduce physical contact, pushing more people online to bank and shop. This created the perfect environment for scammers to instigate online scams such as phishing attacks, with large numbers of customers new to online banking.

Research released by BAE Systems’ cyber security wing, BAE Systems Applied Intelligence, found that one-fifth of UK consumers have been targeted by cyber criminals or fraudsters during the pandemic. More than a quarter said they had seen an email hoax relating to Covid-19 and 20% had been targeted in SMS or smishing attacks. Average losses to consumers clocked in at £866.

Also, 54% of consumers surveyed said they believed it was the job of their bank to protect them, and 52% said they would like banks, credit card providers and other finance firms they dealt with to provide more guidance on how to be better protected.