A survey conducted by DDI solutions provider EfficientIP revealed that 25% of businesses in North America, Europe, and Asia Pacific lack any sort of security software—those same businesses also lost more than $1 million in damages due to their DNS vulnerability.
Nearly a thousand senior security professionals were surveyed for the report, which analyzed the technical and behavioural causes for the rise of DNS vulnerabilities and their potential effects on business.
The survey found that 74% of CSOs and Network Directors have been victims of DNS attacks. While the report revealed that 79% were aware of the risks associated with DNS, only 59% were using any form of DNS security.
"The report has highlighted that despite the massive increase in cyber attacks, companies and their IT departments still don't fully appreciate the risks from DNS-based attacks,” said EfficientIP CEO David Williamson. “In just under two years, GDPR will come into effect and companies will be held responsible for all security breaches and could face major fines. It's crucial for all businesses to start taking DNS security seriously."
Other things the report found include:
University of Calgary folds, pays ransom for stolen research data
New Conference Board of Canada centre to tackle cyber security policy
- The most common cyber security attack types—the same ones businesses claim to be aware of—are also the main causes of business outages and data theft
- The top three DNS attacks that had the largest effect on organizations in the last year were: DDoS attacks (22%), data exfiltration (12% of organizations in NA, 39% in Asia), and zero-day vulnerabilities (20%)
- Only 23% of the organizations surveyed recognized zero-day attacks or DNS tunneling as risks, only 29% knew what cache poisoning is, and only 30% were aware of DDoS attacks
- Firewalls cannot deal with high bandwidth DDoS attacks, nor can they detect DNS tunneling attempts
- Many businesses still rely on 'out-of-the-box' non-secure DNS servers provided by Microsoft or Linux servers