Today, the services provided by telecommunications businesses underpin every facet of our lives – from streaming video content on the move, to providing the vital connections that power the global financial sector – network service providers supply the critical infrastructures we need. But the proliferation of internet traffic, driven by trends such as mobility, widespread deployment of IoT devices and customer demand for real time internet access from remote locations, has placed immense pressure on service providers to secure their networks in the face of a growing number of cyberattacks.
DNS is a core network function for ensuring application availability, user experience and performance, so failure to implement DNS security measures properly puts enterprises at risk of catastrophic reputational damage, service downtime, data theft and spiraling costs.
Network complexity increases the risk of DNS attacks
By their nature, telcos build and operate complex networks and store vast amounts of sensitive data. Because so many enterprises, industries and individuals are dependent on these networks for their day to day operations, it should come as little surprise, therefore, that companies operating in the telecommunications and ISP sector are the most frequent victims of DNS attacks. According to the IDC 2020 Global DNS Threat Report, service providers experienced an average of 11.4 attacks last year, compared to 9.5 attacks across other industries.
Overall, more than four out of five (83%) of service provider organizations experienced a DNS attack – well above the overall average of 79%. As well as a high attack frequency, telecommunications providers also tended to experience costlier attacks with more than 8% of organizations stating that they had suffered damage costs of over $5 million as a result of a DNS attack.
The most common attack types used by hackers were phishing attacks (37%), DNS-based malware (33%), DDoS attacks (27%), lock-up domain attacks (22%), which may cause DNS resolvers to exhaust their resources, as well as DNS amplification attacks (21%) which can result in the break-down of company networks potentially causing serious economic damages and disruptions.
Severe impacts include cloud service and app downtime
Successful DNS attacks commonly resulted in in-house application downtime, experienced by 60% of organizations and cloud service downtime, which was reported by 54% of telcos surveyed. As previous outages have shown, service disruptions can result in both severe brand damage and customer churn as dissatisfied subscribers of telecommunications providers may switch to competitors with a more reliable network. The report indicates that a quarter (25%) of providers experienced brand damage while almost a third (31%) reported a loss of business. Lastly, for 18% of telcos, DNS attacks resulted in the theft of sensitive customer info. This is especially concerning since an important amount of customer information is at the mercy of the network which is trusted to perform at the highest levels.
While a large share of respondents implement comparatively blunt countermeasures to mitigate attacks, with 60% of organizations shutting down affected processes and connections and 55% disabling applications, effective solutions and strategies are starting to be implemented. This includes Zero Trust strategies which 75% of companies are either planning, piloting or already running. Other improvements include automation of security management policies – currently adopted by 59% of telcos – and passing of valuable DNS event information to SIEM and SOC (Security Operations Center) for helping simplify threat detection and accelerate remediation.
Preventing against the next generation of cyber attacks
With 5G rollouts becoming more and more frequent, telcos should prioritize DNS security as part of their overall security architecture. DNS offers visibility on devices and menaces across on-prem and cloud deployments to directly enrich data intelligence and reduce the complexity of threats and alert volumes that remain major challenges for SOAR solutions and security teams.
Below are some steps that service providers can take in order to mitigate the risk of costly cyber-attacks:
- Rethinking and simplifying DNS architectures by replacing intermediary security layers with adapted DNS security solutions will reduce both administrative and maintenance costs and ensure 24/7 service
- Implementing high performance DNS servers protects enterprises from volumetric attacks, whilst reducing the total cost of ownership
- Utilizing real-time, context-aware DNS transaction analytics for behavioral threat detection allows telcos to detect threats before they spread and provides regulatory compliance to GDPR, CCPA, PDP Bill, PIPA etc.
- Incorporating DNS into global network security solutions, so it can recognize unusual or malicious activity and inform the broader security ecosystem, provides a holistic solution for telcos
These steps have become increasingly important since the outbreak of COVID-19 which has caused a large-scale shift to remote work. The increasing number of remote workers means that telcos must provide a stable network availability and the high capacity needed to serve customer’s requests as quickly as possible. This, with the widespread adoption of 5G, a rapid growth in the number of IoT devices and a every growing number of applications in the cloud, will exacerbate the need for telecommunications customers to deploy scalable, secure and less complex architectures that are capable of protecting against the next generation of cyberattacks.
IDC 2020 Global DNS Threat Report
Learn more about the cost and damages of DNS attacks, business impact by industry and recommendations for holistic network security.DOWNLOAD NOW