EfficientIP has published the results of its 2018 Global DNS Threat Report. This looks at the impacts of DNS-based threats on businesses across the world. Over the past year, organizations on average faced seven DNS attacks, which cost some businesses more than $5 million in damages.
The major issues highlighted by the study, which is now in its third year, include the increase in cost of DNS attacks; the evolving popularity of attacks; a failure to adapt security solutions to protect DNS on-premise or in the cloud; and investment priorities to ensure data confidentiality. The consequences of not securing the DNS creates a higher risk of data loss, service downtime, compliance failure and compromised public image.
David Williamson, CEO of EfficientIP summarized the research, saying, “Worryingly, the frequency and financial consequences of DNS attacks have risen and businesses are late in implementing purpose-built security solutions to prevent, detect and mitigate attacks. On the positive side, business and IT leaders globally now have a better understanding on why DNS is fundamental to ensuring business continuity and data confidentiality, so securing DNS has become a top priority for them."
The increasing cost per attack - varies country by country
More than three-quarters (77 percent) of organizations surveyed were subject to a DNS attack in 2018. The global average cost per DNS attack increased by 57 percent year-on-year, standing at $715,000. However, the cost per attack and its growth vary country by country:
| Country | Cost per attack in 2018 | Cost per attack increase |
1 | UK | $786,000 | 105% |
2 | Singapore | $710,000 | 85% |
3 | Australia | $551,000 | 83% |
4 | USA | $654,000 | 82% |
5 | India | $656,000 | 54% |
6 | Canada | $546,000 | 48% |
7 | France | $974,000 | 48% |
8 | Spain | $710,000 | 33% |
9 | Germany | $905,000 | 15% |
The five most prevalent DNS-based attacks in 2018
The most prevalent DNS threats has changed compared with last year. DNS-based malware has remained the joint most popular alongside Phishing (36 percent), followed by DDoS attacks (20 percent), Lock-up Domain attacks (20 percent) and DNS Tunneling (20 percent).
The top impacts of DNS-attacks
Well-publicized cyber attacks such as WannaCry and NotPetya caused financial and reputational damage to organizations across the world. The impact caused by DNS-based attacks is just as important due to its mission critical role. Two-in-five (40 percent) organizations suffered cloud outages and one-third (33 percent) of respondents were victims of data theft. One-in-five (22 percent) firms had lost business due to DNS attacks.
Methodology
The report was conducted by Coleman Parkes from January to April 2018. The results are based on 1,000 respondents in three regions - North America, Europe and Asia Pacific. Respondents included CISOs, CIOs, CTOs, IT Managers, Security Managers and Network Managers.
