Over the past year, organizations faced on average more than nine DNS attacks, an increase of 34%. Costs too went up 49%, meaning one in five businesses lost over $1 million per attack and causing app downtime for 63% of those attacked, according to a new study conducted by market intelligence firm IDC and commissioned by EfficientIP – a specialist in DNS security solutions.
Other issues highlighted by the study, now in its fifth year, include the broad range and changing popularity of attack types, ranging from volumetric to low signal, including phishing, 47%, malware-based attacks, 39%, and old-school DDoS, 30%. Also highlighted in EfficientIP’s ‘2019 Global DNS Threat Report’ were the greater consequences of not securing the DNS network layer against all possible attacks. No sector was spared, leaving organizations open to a range of advanced effects from compromised brand reputation to losing business.
Most network traffic first goes through a DNS resolution process, whether this is legitimate or malicious network activity. Any impact on DNS performance can therefore have major business implications.
“With an average cost of $1m per attack, and a constant rise in frequency, organizations just cannot afford to ignore DNS security,” said Romain Fouchereau, Research Manager European Security at IDC. “They need to implement it as an integral part of the strategic functional area of their security posture to protect their data and services.”
Top Impacts DNS Attacks
Three-in-five, 63%, of organizations suffered application downtime, 45% had their websites compromised, and one-quarter, 27%, experienced business downtime as a direct consequence. These could all potentially lead to serious NISD (Network and Information Security Directive) penalties. In addition, one-quarter, 26%, of businesses had lost brand equity due to DNS attacks.
Data theft via DNS continues to be a problem. To protect against this, organizations are prioritizing securing network endpoints, 32%, and looking for better DNS traffic monitoring, 29%.
“While these figures are the worst we have seen in five years of research, the good news is that the importance of DNS is at last being widely recognized by businesses,” said David Williamson, CEO of EfficientIP. “Mainstream organizations are now starting to leverage DNS as a key part of their security strategy to help with threat intelligence, policy control and automation, thus building a good foundation for their zero trust plan.”
EfficientIP is a network automation and security company, specializing in DNS-DHCP-IPAM solutions (DDI), with the goal of helping organizations worldwide drive business efficiency through “agile, secured and reliable” infrastructure foundations.