The report looks at the causes – both technical and behavioural – for the rise of DNS vulnerabilities and the potential business effects. Almost 1000 senior security professionals took part from across a range of small, medium and large vertical enterprises in North America, Europe and Asia Pacific.
The study discovered that 74 per cent of CSOs and Network Directors have been victims of DNS attacks. However, despite 79 per cent being aware of the risks associated with DNS, only 59 per cent were using any form of DNS security.
David Williamson, CEO at EfficientIP, said: “The report has highlighted that despite the massive increase in cyber attacks, companies and their IT departments still don’t fully appreciate the risks from DNS-based attacks. In just under two years GDPR will come into effect and companies will be held responsible for all security breaches and could face major fines. It’s crucial for all businesses to start taking DNS security seriously.”
The report also revealed:
· The most common attack types – which businesses claim to be aware of – are also the main causes of business outages and data theft
· The top three DNS attacks that have the largest impact on an organisation include:
o DDoS attacks: 22 per cent of the companies surveyed had been subject to DNS-based DDoS attacks in the last year
o Data exfiltration: Twelve per cent of organisations in North America and 39 per cent in Asia have had data infiltrated via DNS in the last year
o Zero-Day vulnerabilities: Almost 20 per cent of the businesses surveyed had suffered an attack using DNS Zero-Day vulnerabilities in the last year
· Only 23 per cent of those surveyed recognised Zero-Day attacks or DNS tunnelling as risks, only 29 per cent are aware of Cache Poisoning, and only 30 per cent are aware of DDoS attacks
· While firewalls can protect on a basic level, they’re not designed to deal with high bandwidth DDoS attacks, or detect DNS tunnelling attempts (the majority of DDoS attacks are now over 1Gbps)
· Most businesses still rely on the ‘out-of-the-box’ non-secure DNS servers offered by Microsoft or Linux servers