As organizations adopt a “work from anywhere” approach, IDC’s 2022 Global DNS Threat Report confirms that the frequency and damage cost of DNS attacks have remained as high as ever, causing severe impacts on service continuity and data confidentiality for on-premises, cloud, and remote workers.
On the positive side, the importance of DNS for overall network security is being increasingly acknowledged, with organizations understanding its criticality for strengthening resilience, protecting data privacy, and for providing an early security barrier by controlling access to vital apps and services.
DNS Attacks are Having Severe Business Impacts on All Industries
According to the IDC survey, the majority of organizations (88%) globally across all verticals are suffering multiple DNS attacks – with the average being 7 attacks suffered per company per year – at a cost of $942k per attack. To either target DNS or use DNS as an attack vector, cybercriminals are deploying varying attack types, with the top three being:
- Phishing (51%)
- Malware (43%)
- DDoS (30%)
Other attack types listed in the report include DNS tunnelling, hijacking/credential attacks, cloud misconfiguration abuse, and zero-day vulnerabilities.
The impacts are obviously devastating, and include in-house/cloud application downtime (for 70% of organizations), ransomware file loss/ciphering (43%) and data theft (24%). With 43% of companies not using a security solution built into a DNS server, 62% not using auto-remediation functionality, and inappropriate countermeasures still being implemented (e.g. shut down DNS server/service, disable apps, shut down network infrastructure), it’s no wonder that businesses are taking over 6 hours on average to mitigate each DNS attack.
How Purpose-built DNS Security Provides a 1st line of Defense
For protecting company networks, it’s clear for 73% of the security experts surveyed that purpose-built DNS security is a must. The report outlines how the unique visibility and traffic analytics capability DNS offers can be leveraged to strengthen protection in many areas such as zero trust, hybrid workforce, NetSecOps, cloud, data privacy, and Shadow IT. Below are some of the key points mentioned:
In zero-trust strategies, DNS security becomes another layer of the framework to increase and support application access control using deny/allow lists. Microsegmentation for intelligent control can be done at the DNS level to simplify deployment and management operations.
- 74% make use of DNS Traffic analysis for their threat intelligence
- 83% see DNS allow/deny lists as valuable for improving control over which users can access which apps
Organizations are understanding the critical role Private DNS security plays in boosting data privacy. DNS enables the same on-premises security policies to be enforced across the extended enterprise: cloud, IoT, SD-WAN, remote workers, etc.
- 54% view DNS as critical for securing remote workers
- 51% see DNS as vital for securing IoT deployments
DNS security provides real-time insights for enriched threat intelligence to help identify threat indicators, assess risk, and prevent future attacks. DNS can help enforce security policies and automate security responses – and then feed pertinent security events into a SIEM and/or SOC.
- 60% are using mostly automated solutions (SOAR) for network security policy management
- 75% of network teams share their DNS-DHCP-IPAM data with Security teams
Automated provisioning and deprovisioning of IP resources in multicloud environments eliminates the risk of misconfigurations. Constant monitoring and management ensures cloud deployment is optimal for stronger DNS service continuity and resilience.
- 27% suffered a DNS attack abusing cloud misconfiguration
- 56% view DNS as critical for securing cloud deployments
DNS can be used as a foundation tool for anti-ransomware programs. Most organizations are concerned about data privacy when using DNS from public providers. A private DNS will protect all DNS requests by encrypting them and preventing eavesdropping.
- 57% see DNS as their top method for protection against ransomware
- 49% consider Private DNS useful for limiting privacy risk
DNS traffic and network data help businesses detect shadow IT in the form of unsanctioned and unmanaged cloud apps, and identify and monitor machine-to-machine communications. DNS is a great tool to start enhancing protection against shadow IT: it is a simple, efficient and cost-effective solution which is easy to implement.
- 51% use DNS as their primary solution for detecting shadow IT
- 61% have not made shadow IT a priority in 2022
Top Three Recommendations From the Report
DNS is by nature your 1st line of defense thanks to threat detection based on user behavior, access control capability at client level, and the potential to automatically share data and qualified security events with SecOps teams.
As DNS is a foundational component for reinforcing the overall network security chain, the report recommends that organizations leverage it for:
1/ Preventing lateral movement of threats by creating an early security barrier
2/ Reducing risk of new vulnerabilities by enhancing shadow IT detection
3/ Speeding up threat remediation by improving NetSecOps collaboration
To check vulnerabilities of your DNS and receive recommended actions for enhancing your network security, try our DNS Risk Assessment.