For the third year, EfficientIP conducted one of the largest surveys exploring the technical and behavioral causes for the rise in DNS threats and their potential effects on businesses globally. Responses varied around the world, and so in a series of blog posts we’re going to highlight some key regional differences, looking at Europe, APAC, and in this first post, North America.
DNS security is increasingly critical. With improvements in security in firewalls, operating systems, and other elements of our network architectures, attackers are becoming more sophisticated, finding new pathways into an organization’s system, with DNS as an open door for both disruption and intrusion.
The vulnerability of DNS is of little surprise, since this is an area often ignored by organizations, who tend to simply use a default security solution rather than investing in modern DNS security technologies. Key issues highlighted by the 2017 study include poor awareness of the variety of attacks, a failure to adapt security solutions to protect DNS, and weak responses to vulnerability notifications. These concerns will not only be subject to regulatory changes, but also create a higher risk of data loss, downtime or compromised public image.
The report shows the risks are not hypothetical; they are real, and quantifiable. Of the 300 North American businesses surveyed, 44% had application downtime as a result of DNS attacks, with 38% having their websites and ecommerce systems compromised. Those attacks have cost them time to resolve – 40% needed almost a full business day (6 hours) or more to get back online, with a further 50% experiencing an outage of more than an hour. Time lost equals money lost – 15% of North American respondents reported losses ranging from $501K to more than $5M, compared to 19% in APAC and 29% in Europe. For ecommerce businesses, the cost could be even greater. In addition to the time and cost, considering the recent WannaCry ransomware and Petya cyber-attacks, it is of utmost importance to install the necessary security patches, and to do so in time.
How can you improve DNS to ensure security?
First of all, step up from default security solutions, such as UNIX and Windows DNS servers, to technologies like hybrid DNS that allow you to quickly switch between different DNS technologies. However, bear in mind that more is needed than just implementing DNS security. Using analytics to monitor and analyze DNS traffic is vital in order to make informed decisions. North America has a good start with 70% of survey respondents having DNS security systems in place and 89% performing analytics. By leveraging analytics to help you make the right decisions in the event of an attack, you’re going to have an advantage over other businesses, as you won’t need to turn off live sites during an attack (like 28% of companies did in the last 12 months when they experienced an attack on their DNS).
Shutdown and service interruption are the very purpose of an attack. Protecting core systems may be all well and good, but the attackers win nevertheless. By closing down affected applications to mitigate an attack, over a third of organizations (36%) achieved what the attacker intended to do. Businesses cannot be expected to rain money on IT. Protecting DNS using modern adaptive techniques can actually reduce costs spent on IT. A rather shocking 63% of respondents had between 1 and 3 people involved in attack mitigation, and 27% had more than 4. Depending on the size of a company, this could represent the entire network IT team! This could mean IT teams working far beyond clock-in and clock-out times or being taken away from other critical tasks.
An additional advantage in moving towards more advanced DNS servers is their ability to handle high traffic at a surprisingly low cost. In the case of failure to block an attack by other means, merely being able to absorb the attack can have a significant impact. More than a third of DDoS attacks (37%) on North American organizations’ DNS were over 5 million queries per second (QpS), with 8% above 10 million QpS. If their DNS systems can handle 10 million QpS, almost all businesses will be able to stay online throughout an attack.
What this means for your business
While North American businesses continue to experience a few issues with regard to some aspects of DNS security, the region is not the worst compared with other areas of the world. One such aspect is just how quickly its businesses respond to vulnerability notifications: North America outperformed both Europe and APAC (10% vs. 48% took more than six hours), meaning they have a greater chance of preventing the negative impacts of DNS attacks.
Although North American organizations (39%) have demonstrated more awareness of the top 5 DNS-based attacks than Europe (34%) and are less easy to target, with a fifth stating they have experienced five attacks or more in the past twelve months compared to APAC (31%) and Europe (38%), the attacks they undergo are still costing them valuable time and money. Moreover, 25% of organizations surveyed experienced data exfiltration via DNS. Of those, 14% had sensitive customer information stolen and 11% had intellectual property stolen. This could be social security numbers, job assignments or even bank details.
Now is the time to re-evaluate the security, structure and logistics of your network – before a DNS attack costs you another day of work and millions of dollars.