Councils, schools and government offices were among global public sector and education organizations hit badly by DNS attacks last year, with nearly half reporting that dealing with the issue cost them hundreds of thousands of pounds.
One in five (19 percent) of public sector sites and 11 percent of education bodies affected by DNS attacks say sensitive information was stolen. A fifth (20 percent) of public sector and 12 percent of educational victims also think intellectual property data was lost, while 10 percent of schools and colleges affected say they needed to take more than one day to recover.
This comes as the average yearly cost of DNS security breaches now runs at £1.7m ($2.2m) for organizations globally, with malware (35 percent), DDoS (32 percent), Cache Poisoning (23 percent), DNS Tunnelling (22 percent) and Zero-Day Exploits (19 percent) as the main threats.
The above findings come from the 2017 Global DNS Threat Survey Report from EfficientIP. According to the report, 76 percent of all respondents were subjected to at least one DNS attack in the last 12 months, with 28 percent suffering data theft.
Of all sectors, global education organizations demonstrated the poorest awareness of the top five DNS-based attacks, with 40 percent of them aware of DNS Tunnelling, 39 percent of DNS-based Malware, 34 percent of DDoS, 29 percent of Cache Poisoning and 19 percent of Zero-Day Exploits.
The public sector's awareness was better but still not good enough, with only 48 percent of organizations aware of DNS-based Malware, 37 percent of Cache Poisoning, 36 percent of DDoS, 35 percent of DNS Tunnelling and 23 percent of Zero-Day Exploits.
Poor responses to vulnerability notifications
When it comes to mitigation, 30 percent of public sector organizations had to close down specific processes, but 36 percent responded by applying an immediate patch to fix the affected processes.
42 percent of public sector organizations also needed almost a full business day (six hours) to restore their systems (35 percent took the same time in education).
In 2016, 72 percent of public sector organizations applied only between four and ten patches (out of 11 critical security patches released in the same period). This number was even higher in education, at 89 percent.
EfficientIP says that the following steps can be taken by organizations to ensure continuity of service and data protection for themselves, their users and clients:
Replace ineffectual firewalls and load balancers with purpose-built DNS security technology;
Keep DNS security up to date by patching DNS servers more often;
Enhance threat visibility by using deep DNS transaction analysis.