For the past four years, the DNS Global Threat Report explored the technical causes and behavioral responses of Domain Name System (DNS) threats and their potential effects on businesses worldwide. This year, our report found an increase in the cost of DNS-based attacks on businesses globally, as well as a failure from organizations to adapt security solutions to ensure data against these new, network-based attacks that aim to exploit DNS security.
While the EU General Data Protection Regulation (GDPR) aims to protect the proper collection, protection and sharing of individuals’ personal data, our report has found a rise in DNS attacks as well as companies keep on the sensitive data and intellectual property stolen.
One thing is clear that cyber attacks are evolving, increasing in frequency and varieties, with recent iterations aimed at companies’ DNS and containing the power to cause catastrophic, long-term damage. The introduction of EU regulations like GDPR bring the importance of properly protecting customers’ data to the forefront of organizations’ attention. Coupled with the importance of keeping IT services running, this puts incredible pressure on organization’s network teams.
More attacks, more money lost
The report found that more than three-quarters of companies (77 percent) faced DNS attacks in 2018, with the average cost per attack increasing 57 percent year-on-year to the tune of $715,000.
In Europe, the UK experienced the highest year-on-year increase in cost, sitting at 105 percent, with French businesses facing the largest per-attack cost of $974,000. Hopping over the pond we find the US faced a per-attack cost at $654,000 an increase of 82 percent from 2017. In Asia-Pacific, Singapore faces both the highest per-attack cost for its region at $710,000 and the largest increase at 85 percent.
DNS attacks – stealing your data and stopping your cloud services
2017 saw the encrypted ransomware giants WannaCry and NotPetya cause tremendous damages and as a result featured heavily in the media spotlight. It’s good to have these damaging attacks covered by the national media, but their DNS-based counterparts have managed to slip under the radar, causing untold damage to organisations globally.
While not featured as widely in the national media, DNS attacks were responsible for two-in-five, 40 percent of organizations’ cloud outages in the past year. Equally, one third (33 percent) of businesses around the world were victims of data theft and 20 percent have suffered from the downtime of the business as a result of these attacks. Yet DNS-based attacks still do not collect from businesses respect, nor the fear, they deserve.
DNS analysis has become a top priority of protecting data:
Organizations need to comply with GDPR and one critically important aspect of the regulation is the protection of customers’ data. DNS is becoming valued by companies as a prime target for data exfiltration, so is finally starting to be appropriately protected.
To protect the data confidentiality, businesses have been prioritizing their technology budgets for meeting GDPR compliance. Our report found technology investment in monitoring and analysis of DNS was top priority for 38 percent of respondents. This compares with conventional cyber security solutions, like endpoint protection and firewalls, which were put as top priority for 35 percent and 21 percent of businesses respectively.
What the 2018 DNS Global Threat Report has highlighted is the role GDPR plays in increasing the importance of customer data, and therefore making organizations’ DNS an alluring target for hackers. Organizations have in turn begun to understand the lasting damage that can be caused by DNS attacks, not only financially but reputationally as well. Businesses cannot solely rely on cloud vendors, firewall providers or luck to protect themselves and their data from the increasing threats. Companies must come up with new tactics and learn how to defend themselves properly if they want to develop well.