Three in Four Organisations Have Fallen Prey to DNS Attacks

Seventy-six percent of organisations in the UK and US have suffered a domain name system (DNS) attack, with 49% failing prey within the past 12 months, a Vanson Bourne study commissioned by Cloudmark Inc has revealed.

The threats most frequently reported by the 300 IT decision-makers polled were DDoS (74%), DNS exfiltration (46%), DNS tunnelling (45%) and DNS hijacking (33 percent).

Of the DNS attack victims more than half admitted to losing business-critical data or revenue, while a third lost confidential customer information.

Despite the potentially calamitous legal and financial implications of such breaches some 44% professed to finding it difficult to justify DNS security investment to senior management who often see DNS security as a barrier to investment. This despite the fact that more than half (55%) of IT decision-makers citing theft of confidential data as a major concern to their organisation.

“The survey findings suggest that large organisations are not only inadequately protecting company intellectual property against DNS attacks but more needs to be done to help educate businesses on the methods used by DNS attackers,” says Neil Cook, chief technology officer at Cloudmark.

“While DDoS threats continue to be a common method of attack to siphon off valuable resources, organisations need to review their security solutions to ensure they can protect against a multitude of other attacks including DNS exfiltration and DNS tunnelling, particularly in industries where high-value data is held, such as retail and financial industries. Once an organisation’s data is in the hands of cyber-criminals, the brand reputation, customers and ultimately revenue of that organisation can be severely affected.”

The research also found that:

• 66% of US-based respondents have experienced a DNS attack in the past 12 months
• 23% of UK-based respondents admitted they didn’t know if their organisation had ever suffered a DNS attack
• Retail, distribution and transport firms reported the highest incidence of DNS attacks, with 74% suffering an attack in the past 12 months. Those industries were also the biggest victim of DNS exfiltration attacks (56%), with financial services organisations a close second (51%)
• Customer retention and brand reputation were the top concerns reported following a DNS attack

Listen to the IFSEC Insider podcast!

Each month, the IFSEC Insider (formerly IFSEC Global) Security in Focus podcast brings you conversations with leading figures in the physical security industry. Covering everything from risk management principles and building a security culture, to the key trends ahead in tech and initiatives on diversity and inclusivity, the podcast keeps security professionals up to date with the latest hot topics in the sector.

Available online, and on Spotify, Apple Podcasts and Google Podcasts, tune in for an easy way to remain up to date on the issues affecting your role.

Listen to the podcast today