By Gary Cox, Senior Technical Manager, Infoblox
Fintech is arguably one of the most important playgrounds for today’s cybersecurity threats. Fintech firms’ central role in the global economy, and the valuable and sensitive data they handle, make them a perennial target for cybercriminals. While the threat to fintech makes headlines, the financial sector as a whole is facing the AI-powered cyberthreat Goliath. From traditional banks and insurers to cloud-native challengers and payment providers, the industry as a collective faces a dual challenge: maintaining resilience under tightening regulatory pressure while also adapting to increasingly sophisticated and fast-moving attacks. AI-enhanced phishing, supply chain vulnerabilities, and the proliferation of shadow IT have blurred the defensive perimeter, while alert fatigue and tool sprawl continue to strain even the best-resourced security teams.
The International Monetary Fund released a statement in 2024 warning of the sector’s “unique exposure” to cyber risk and noting that potential extreme losses from cyberattacks on financial firms have quadrupled since 2017 – threatening their solvency. And that’s before non-monetary fallout like reputational damage is even considered. The UK government’s 2025 cybersecurity breaches survey also makes clear that the financial sector is now among the most targeted sectors.
Yet, amid this escalating complexity and rising stakes, the stone David needs to beat Goliath is already at home, embedded in their networks: the Domain Name System (DNS). Long treated as necessary network “plumbing,” DNS is often overlooked by security teams, despite its unique ability to provide early insight into malicious activity. In an industry where downtime or breaches can trigger an immediate loss of customer trust – not to mention revenue – DNS offers a quiet but powerful line of defense. And as regulatory guidance catches up, it’s becoming clear that DNS security may be the ace in the hole that turns the tables on attackers.
The myth of maturity
Financial institutions are among the most heavily regulated and well-resourced when it comes to cybersecurity. From dedicated SOCs to industry-leading tooling and governance frameworks, many firms out there can rightfully claim a “mature” security posture. But maturity doesn’t equate to immunity. Even the most robust security programs can be tested – not necessarily because they’re weak, but because attackers are constantly trying to get one step ahead. They don’t need to breach defenses through brute force; they exploit blind spots, timing, biases, and assumptions.
And this is really where the challenge lies. Investment is one thing, but choosing where that investment goes and keeping pace is another thing entirely. While mature practices typically help organizations to weather attacks more effectively, the velocity and creativity of modern threats can still catch teams off-guard. Remember – attackers only need to succeed once, while defenders need to succeed every time. To maintain that edge and keep the odds in their favor, even mature organizations benefit from reevaluating the fundamentals. That includes perimeter defenses and endpoint controls, but it should also include often-overlooked layers like DNS, which can surface malicious activity long before traditional alerts are triggered.
DNS: The Ace in the Hole?
In the race to modernize cybersecurity, DNS is rarely the first tool that comes to mind. It’s often treated as a background utility – essential for connecting users to services, but largely invisible and more or less ignored in the security stack. That’s a missed opportunity. DNS can serve as an early warning system, revealing threats before an attacker makes it to the endpoint. From data exfiltration attempts to command-and-control communications, DNS provides a continuous telemetry stream that, if monitored and analyzed, can expose attackers at the earliest possible stage. Yet in most financial organizations, DNS remains outside of the security team’s remit, managed instead by infrastructure or networking teams. As a result, its full security potential remains untapped.
Nobody is accusing security teams of negligence here – it’s simply a blind spot. What makes DNS particularly powerful is that it’s already present in every environment. And yet, many financial services organizations still treat it as network “plumbing,” unaware of the visibility it offers into adversary tactics. This blind spot isn’t a failure of diligence; it’s the natural consequence of siloed operations and longstanding assumptions about where security value resides. But with growing recognition from regulators and threat intelligence frameworks, DNS is beginning to emerge as a frontline security control that can complement and, in some cases, outperform more familiar tools.
CISOs are wising up
DNS has been hidden in plain sight for decades, but it’s only now that network perimeters are being so heavily challenged that its real potential is beginning to take shape – and security teams are noticing. A growing number of financial CISOs are starting to realize the strategic potential of DNS, often only after encountering it in workshops or threat simulations. What surprises them is not just what DNS can reveal, but how fundamental it can be to adversary behavior. Attackers rely on DNS just as much as defenders do, making it a natural interception point. With the right telemetry, DNS can illuminate stealthy techniques like domain generation algorithms (DGAs), command-and-control callbacks, and attempts to resolve malicious infrastructure – insights that are difficult to glean elsewhere without more invasive and expensive tooling.
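As an added illustration of the telemetry described above (example code, not from the article or from Infoblox), the following Python triage runs two defender-side heuristics over constructed resolver log lines: a long, high-entropy, vowel-poor registrable label as a DGA-style indicator, and many distinct long leading labels under one parent domain from one client as a sign of data encoded into queries. The log format, thresholds and domain names (all under the reserved `.example` TLD) are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log "<epoch> <client_ip> <qname>"; not real traffic, reserved .example TLD.
SAMPLE_LOG = """\
1717000000 10.0.1.25 www.bank-lab.example
1717000001 10.0.1.25 internationalpayments.example
1717000002 10.0.1.40 xk3q9z7bv2w8plm4.example
1717000003 10.0.1.40 q8v2zk1mw9x7tpl3.example
1717000004 10.0.1.40 m7w2xq9zk3v8blp1.example
1717000010 10.0.1.77 4a6f686e20446f65203a20353432312d.up.exfil-lab.example
1717000011 10.0.1.77 38383838207175617274657220323032.up.exfil-lab.example
1717000012 10.0.1.77 61636374203a203031323334353637.up.exfil-lab.example
"""

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def parse_log(text: str):
    """Yield (timestamp, client, qname) from the assumed log format, qname normalized."""
    for line in text.splitlines():
        ts, client, qname = line.split()
        yield int(ts), client, qname.lower().rstrip(".")

def dga_like(qname: str) -> bool:
    """Heuristic: registrable label is long, high-entropy and vowel-poor (assumes 1-label TLD)."""
    labels = qname.split(".")
    label = labels[-2] if len(labels) >= 2 else ""
    letters = [c for c in label if c.isalpha()]
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters) if letters else 0.0
    return len(label) >= 12 and shannon_entropy(label) >= 3.0 and vowel_ratio <= 0.25

def exfil_candidates(records, min_label_len=24, min_unique=3):
    """(client, parent domain) pairs that received >= min_unique distinct long leading labels."""
    seen = defaultdict(set)
    for _, client, qname in records:
        labels = qname.split(".")
        if len(labels) >= 3 and len(labels[0]) >= min_label_len:
            seen[(client, ".".join(labels[-2:]))].add(labels[0])
    return {k: len(v) for k, v in seen.items() if len(v) >= min_unique}

def triage(text: str):
    """Run both heuristics over a log; returns sorted DGA-like qnames and exfil counts."""
    records = list(parse_log(text))
    return {"dga_like": sorted({q for _, _, q in records if dga_like(q)}),
            "exfil": exfil_candidates(records)}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The dictionary-word label `internationalpayments` has high entropy but a normal vowel ratio, which is why the second filter exists; thresholds should be tuned against a baseline of the organization's own query logs.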
This change of heart toward DNS is also being reinforced by – or perhaps prompted by – regulatory guidance. Where once DNS protections were considered optional, frameworks like NIST 800-81 are now urging organizations to treat DNS as a key control within a broader defense-in-depth strategy. This marks a change in narrative: DNS security is no longer just a best practice; it’s a benchmark for cyber resilience. In highly regulated sectors like finance, that matters. It offers security leaders a new mandate to act, a compliance-aligned rationale for reassessing long-ignored telemetry, and a low-friction path to greater visibility in an increasingly high-stakes environment.