DNS security is often overlooked, and companies are not really prepared to defend against attacks, according to a new report.
Eighty-six percent of DNS solutions failed to be the first to alert teams that a DNS attack was occurring, and nearly one-third of professionals doubted their company could defend against the next DNS attack, according to the Dimensional Research survey of over 1,000 security and IT professionals worldwide.
Last year there was a distributed denial of service (DDoS) attack on DNS provider Dyn that knocked dozens of major sites offline including Netflix, Airbnb, Amazon, CNN, New York Times, Twitter and more.
Since that attack, 11 percent of companies said they had dedicated security teams managing DNS.
“Our research reveals a gap in the market – while we found that DNS security is one of IT and security professionals’ top three concerns, the vast majority of companies are ill-equipped to defend against DNS attacks,” said David Gehringer, principal at Dimensional Research. “This is exacerbated by the fact that companies are extremely reactionary when it comes to DNS security, only prioritizing DNS defense once they have been attacked.”
Other findings from the report include:
1. DNS attacks extremely effective: Three out of 10 companies have already been victims of DNS attacks. Of those, 93 percent have suffered downtime as a result of their most recent DNS attack. Forty percent were down for an hour or more, substantially impacting their business.
2. Companies slow to notice DNS attacks: Despite 71 percent of companies saying they have real-time monitoring for DNS attacks, 86 percent of solutions failed to be the first to notify teams that a DNS attack was occurring. In addition, 20 percent of companies were first alerted to DNS attacks by customer complaints, meaning the assaults had already hit their business.
3. Most companies vulnerable to DNS attacks: Only 37 percent of companies were able to defend against all types of DNS attacks (hijacking, exploits, cache poisoning, protocol anomalies, reflection, NXDomain, amplification), meaning the majority (63 percent) are essentially gambling that the next DNS attack is one they can repel.
4. Reactive rather than proactive: Before an attack, 74 percent of companies name anti-virus monitoring as their top security focus; however, after an attack, DNS security moves to the number one position, with 70 percent saying it is the most important security focus. This demonstrates a reactionary approach: DNS is not a priority until a company has been attacked and suffered a tangible business loss.
5. DNS has direct impact on the bottom line: Twenty-four percent of companies lost $100,000 or more from their last DNS attack, significantly impacting their bottom line. Fifty-four percent lost $50,000 or more. As the numbers show, once websites are rendered inaccessible, all digital business and revenue come to a grinding halt, while internal resources are redirected to resolving the attack rather than driving the business.
“Most organizations regard DNS as simply plumbing rather than critical infrastructure that requires active defence,” said Cricket Liu, chief DNS architect at Infoblox, which sponsored the research. “Our approach to cybersecurity needs a fundamental shift: If we don’t start giving DNS security the attention it deserves, DNS will remain one of our most vulnerable Internet systems, and we’ll continue to see events like last year’s attack.”