Most companies are unprepared for DNS attacks

DNS security is often overlooked when it comes to cybersecurity strategy, with most companies inadequately prepared to defend against DNS attacks.

companies unprepared DNS attacks

Dimensional Research surveyed over 1,000 security and IT professionals worldwide and found that 86 percent of DNS solutions failed to first alert teams of an occurring DNS attack, and nearly one-third of professionals doubted their company could defend against the next DNS attack.

The results come in advance of the one-year anniversary of the DDoS attack on DNS provider Dyn last October, which knocked dozens of major sites offline including Netflix, Airbnb, Amazon, CNN, New York Times, Twitter and more. The widespread impact of the attack shed light on a startling reality – that many companies have inadequate defences when it comes to DNS security. Despite this wake-up call, only 11 percent of companies have dedicated security teams managing DNS, showing DNS is still not as high of a priority as it should be.

“Our research reveals a gap in the market – while we found that DNS security is one of IT and security professionals’ top three concerns, the vast majority of companies are ill-equipped to defend against DNS attacks,” said David Gehringer, principal at Dimensional Research. “This is exacerbated by the fact that companies are extremely reactionary when it comes to DNS security, only prioritising DNS defence once they have been attacked. Unless today’s organisations begin moving to a proactive approach, DDoS attacks such as the one on DNS provider Dyn will become more pervasive.”

companies unprepared DNS attacks

DNS attacks

DNS attacks extremely effective: Three out of 10 companies have already been victims of DNS attacks. Of those, 93 percent have suffered downtime as a result of their most recent DNS attack. 40 percent were down for an hour or more, substantially impacting their business.

Companies slow to notice DNS attacks: Despite 71 percent of companies claiming they have real-time monitoring for DNS attacks, 86 percent of solutions failed to be the first in notifying teams that a DNS attack was occurring. Moreover, 20 percent of companies were first alerted to DNS attacks by customer complaints, meaning it had already impacted their business, reputation and customer satisfaction.

Most companies vulnerable to DNS attacks: Only 37 percent of companies were able to defend against all types of DNS attacks (hijacking, exploits, cache poisoning, protocol anomalies, reflection, NXDomain, amplification), meaning that the majority (63 percent) are essentially gambling that the next DNS attack is one they can repel.

Reactive rather than proactive: Before an attack, 74 percent of companies focus on anti-virus monitoring as their top security focus; however, after an attack, DNS security moves to the number one position with 70 percent claiming it is the most important security focus. This demonstrates a reactionary approach and that DNS is not a priority until a company has been attacked and suffered a tangible business loss.

DNS has direct impact on the bottom line: 24 percent of companies lost $100,000 or more from their last DNS attack, significantly impacting their bottom line. 54 percent lost $50,000 or more. As the numbers show, once websites are rendered inaccessible, all digital business and revenue comes to a grinding halt, while internal resources are redirected to resolving the attack rather than driving the business.

“Most organisations regard DNS as simply plumbing rather than critical infrastructure that requires active defence,” said Cricket Liu, chief DNS architect at Infoblox. “Unfortunately, this survey confirms that, even on the anniversary of the enormous DDoS attack against Dyn—a dramatic object lesson in the effects of attacks on DNS infrastructure—most companies still neglect DNS security. Our approach to cybersecurity needs a fundamental shift: If we don’t start giving DNS security the attention it deserves, DNS will remain one of our most vulnerable Internet systems, and we’ll continue to see events like last year’s attack.”