EfficientIP, a specialist in DNS security for service continuity, user protection, and data confidentiality announced the results of its 2019 Global DNS Threat Report, sponsored research conducted by market intelligence firm IDC. Over the past year globally, organizations faced an average 34% increase to 9.45 DNS attacks, costing one in five businesses more than $1 million per attack, and alarmingly causing app downtime for 63% of those attacked. In Asia Pacific, the cost per DNS attack was the highest in Singapore amounting close to $924,750 and increasing by 30% and 62% of APAC organizations suffered application downtime.
Some of the other eminent regional findings reveal that DNS attack related business losses within APAC were highest in Malaysia leading with 35% followed by Singapore with 32% and India suffering the least at 20%. With average cost of DNS attack significantly rising in Asia by 19% as compared to last year, on an average, companies in Asia have losses to the tune of $814,150 dollars with 45% companies suffering brand damage.
Issues highlighted by the study, now in its fifth year, include the cost of DNS attacks increasing by 49% globally to reach $1,070,000, and the evolving popularity and broad range of attack types, from volumetric to low signal. Methods of attack include phishing, 47%, malware-based attacks, 39%, and old-school DDoS, 30%.
Also highlighted were the greater consequences of not securing the DNS against all possible attacks. No sector was spared, leaving organizations open to a range of advanced effects from compromised brand reputation to losing business.
Romain Fouchereau, Research Manager European Security at IDC, says “With an average cost of $1m per attack, and a constant rise in frequency, organizations just cannot afford to ignore DNS security and need to implement it as an integral part of the strategic functional area of their security posture to protect their data and services.”
DNS is a central network foundation which enables users to reach all the apps they use for their daily work. Most network traffic first goes through a DNS resolution process, whether this is legitimate or malicious network activity. Any impact to DNS performance has major business implications. Well-publicized cyber-attacks such as WannaCry and NotPetya caused financial and reputational damage to organizations across the world. The impact caused by DNS-based attacks is as important due to its mission-critical role.
The top impacts of DNS attacks － damaged reputation, business continuity and finances
Three-in-five, 62%, of organizations suffered application downtime, 45% had their websites compromised, and one-quarter, 28%, experienced business downtime as a direct consequence. These could all potentially lead to serious NISD (Network and Information Security Directive) penalties. In addition, one-quarter, 28%, of businesses had lost brand equity due to DNS attacks in Asia Pacific.
Data theft via DNS continues to be a problem. To protect against disruption, organizations are prioritizing securing network endpoints, 31%, and looking for better DNS traffic monitoring, 29%.
David Williamson, CEO of EfficientIP summarized the research “While these figures are the worst we have seen in five years of research, the good news is that the importance of DNS is at last being widely recognized by businesses. Mainstream organizations are now starting to leverage DNS as a key part of their security strategy to help with threat intelligence, policy control and automation, thus building a good foundation for their zero-trust plan."