Businesses lose over $1M to DNS attacks: Report

The survey revealed that a good number of businesses still do not employ any sort of cyber security measures

Cyber

By Lyle Adriano

A survey conducted by DDI solutions provider EfficientIP revealed that 25% of businesses in North America, Europe, and Asia Pacific lack any sort of security software—those same businesses also lost more than $1 million in damages due to their DNS vulnerability.

Nearly a thousand senior security professionals were surveyed for the report, which analyzed the technical and behavioural causes for the rise of DNS vulnerabilities and their potential effects on business.

The survey found that 74% of CSOs and Network Directors have been victims of DNS attacks. While the report revealed that 79% were aware of the risks associated with DNS, only 59% were using any form of DNS security.

"The report has highlighted that despite the massive increase in cyber attacks, companies and their IT departments still don't fully appreciate the risks from DNS-based attacks,” said EfficientIP CEO David Williamson. “In just under two years, GDPR will come into effect and companies will be held responsible for all security breaches and could face major fines. It's crucial for all businesses to start taking DNS security seriously."

Other things the report found include:
  • The most common cyber security attack types—the same ones businesses claim to be aware of—are also the main causes of business outages and data theft
  • The top three DNS attacks that had the largest effect on organizations in the last year were: DDoS attacks (22%), data exfiltration (12% of organizations in NA, 39% in Asia), and zero-day vulnerabilities (20%)
  • Only 23% of the organizations surveyed recognized zero-day attacks or DNS tunneling as risks, only 29% knew what cache poisoning is, and only 30% were aware of DDoS attacks
  • Firewalls cannot deal with high bandwidth DDoS attacks, nor can they detect DNS tunneling attempts
  • Many businesses still rely on 'out-of-the-box' non-secure DNS servers provided by Microsoft or Linux servers

Related Stories:
University of Calgary folds, pays ransom for stolen research data
New Conference Board of Canada centre to tackle cyber security policy
 

LATEST NEWS

World Bank issues cat bond for disaster risk protection in Mexico
REINSURANCE

World Bank issues cat bond for disaster risk protection in Mexico

EIOPA's expectations on the oversight of reinsurance with third-country reinsurers
REINSURANCE

EIOPA's expectations on the oversight of reinsurance with third-country reinsurers

DARAG inks SPA to purchase Cayman captive
REINSURANCE

DARAG inks SPA to purchase Cayman captive

Malaysian Re inks MoU with CPIC for health and medical initiative
REINSURANCE

Malaysian Re inks MoU with CPIC for health and medical initiative

Rokstone to provide D&O brokers with open access to LOI calculator
REINSURANCE

Rokstone to provide D&O brokers with open access to LOI calculator

Keep up with the latest news and events

Join our mailing list, it’s free!