It’s a new year, and with it comes a list of resolutions. Avoiding cyberattacks is usually pretty high up on an IT department’s list- no one wants to get attacked. However, time and again, it happens. SWIFT. Equifax. The list goes on even though global information security spending is expected to exceed $124 billion in 2019 according to a recent study. Is it money thrown down the drain? Perhaps. It seems that no matter how much an organization spends, they remain vulnerable. Our recent study echoes this. In particular, the financial services industry is the sector hit the hardest – with the average organization spending almost $1million to restore services after an attack. In fact, last year, the industry saw a 57 percent rise in attacks, with many suffering an average of seven attacks. The average price tag of a single assault totaled a whopping $588,200.
Our research investigated attacks on the DNS, considered a major gateway into a business network. It is how hackers break in and set up camp – allowing them to launch an attack when businesses least expect – such as DDoS or cache poisoning. The consequences of an attack, or even just an attempt, aren’t just financial. Any amount of downtime for a business can be detrimental and can cause a loss in customer confidence.
Attack vulnerability isn’t the sole issue. It’s also how the surveyed companies in our research failed to address breaches quickly. Financial institutions took the longest time outside of the public sector to mitigate an attack – spending almost an entire workday resolving it (seven hours). Even worse, five percent of organizations spent 41 days fixing the results of a DNS attack. Businesses aren’t swift to patch and prevent future attacks, either. Almost three-quarters of financial organizations (72%) took three days or more to install a patch. That is similar to not turning the water off on a leaky faucet on before you fix it. You are leaving yourself open to harm and excessive damages.
Unfortunately, hackers aren’t going away anytime soon. Threats evolve daily, and network service continuity and security is a business imperative. How can the industry ensure protection? Here are five questions financial sector enterprises should ask themselves in order to safeguard their networks:
- Is your domain protected with enhanced threat intelligence? The insight of global traffic patterns, such as via data feeds, must be used to protect users from both internal and external attacks. It can block malware activity and mitigate other ‘break-in’ attempts such as data exfiltration.
- Are you applying adaptive countermeasures? If an attack is unidentifiable you still want to ensure that business continuity remains intact. The last thing a business needs is to block legitimate users which can cripple consumer trust in a service such as online banking.
- Have you taken a harder security approach for cloud and Next Gen Datacenters? If not, consider adding a layer that covers the DNS so that cloud-stored data is protected against exfiltration, and in the event of an attack service is not discontinued while access to the cloud and your applications remains intact. Traditionally, cloud solutions have limitations and aren’t built for DNS.
- Are you using real-time analytics to amplify your threat visibility? Preventing data theft is essential but also critical to comply with regulatory standards such as the US CLOUD Act and GDPR.
- Are you really globally aware? You would be surprised how many businesses are unable to report malicious activity across a global network. Threats often move laterally and you need a holistic network security policy in order to address risks.
Companies fundamentally understand the critical nature of protecting the DNS network, but evidence continues to point to the fact that there is more talk than action. Attacks are getting more sophisticated and common. Institutions in the financial services sector will remain at risk if they don’t prioritize securing it. 2019 doesn’t have to be filled with plans to recreate your network architecture just to secure it- taking one step forward to fortify the DNS this year will result in protecting your business for the years ahead. That’s a resolution worth sticking to.