US businesses are hemorrhaging — bleeding money, data, time, reputation, and more — because they continue to experience cyberattacks at the DNS level. This is according to our annual "Global DNS Threat Report," which looks at the causes and effects of DNS attacks on businesses across the world.
DNS attacks are on the rise and literally costing millions. The report, which was conducted in partnership with IDC, revealed the worst trends in its five-year history. Businesses averaged more than nine DNS attacks in 2018, an increase of 34% year-over-year. Costs went up significantly, too — the average cost of a DNS attack came in at $1.27 million worldwide. When 70% percent of businesses in America were attacked, they lost per incident upward of $100,000. Almost half (48%) lost at least $500,000, and close to 10% lost over $5 million.
These costs are not sustainable. Neither is the time it takes to fix an issue — an entire business day in most cases. Companies can't afford to take any part of their business offline for over eight hours. The repercussions can be disastrous. In most instances, in-house applications were the most affected (65% of the time), though almost half of respondents (45%) had their website compromised and one-quarter (27%) experienced downtime as a direct consequence. These could all lead to serious Network and Information Security Directive penalties.
The types of attacks are also shifting. Once flooding the DNS mostly with large, high-traffic attacks to a targeted network in an effort to overwhelm its bandwidth, cybercriminals have shifted to be equal opportunity attackers and diversified their approach to include more stealth, low bandwidth tactics, such as phishing and malware-based attacks into the mix.
As attackers get smarter, why do businesses continue to fail when it comes to prioritizing DNS security? First, lack of awareness. Over a quarter of US organizations continue to think that protecting DNS is only moderately important, but the reality is that DNS is critical to service continuity, data confidentiality, and security. By nature, DNS is an open service to the network, and its mission-critical role for routing application access makes it both a primary attack vector and a target for hackers. Eighty-two percent of global businesses suffered a DNS attack last year, and DNS attack numbers are in the double digits for many.
The bottom line: When the DNS is affected, so are the applications that run a business. Imagine that a large manufacturer loses access to its supply chain management system — a chain reaction is set off that could affect the entire company.
Second, adaptive countermeasures aren't properly in place. When under attack, companies can't shut down the entire business, but they can contain the risk. Retaining service, availability, bandwidth, and control — all elements crucial to network integrity — are a must. Disaster recovery and avoiding single points of failure must be part of the mitigation process. This is where adopting a zero-trust strategy is critical.
Organizations need to take a micro rather than a macro approach. Perimeter security is not enough, especially when most threats come from inside of the enterprise network in the form of malware and phishing invitations. Businesses are getting better at building intermediate zones to allow and control inbound flows, but this enterprise network security topology relies on macro-segmentation principles that are no longer appropriate. The architecture must be scaled down into micro segments — as small as a single client or server. This requires an entire re-imagining of the network, relying on the fact that there are no longer any trusted or untrusted zones. Everything is treated as a threat as a default.
Having a granular view of users and applications becomes a standard approach, not an exception. Almost all Internet connections are initiated through DNS, meaning DNS sees 95% of traffic going through the network. Analyzing the behavior of each user brings valuable data for detecting potential menaces hidden in the traffic. This surveillance of each client at such a detailed level is key to successful zero-trust strategy. Plus, administrators also should know the status of the network in real time at all times.
Increasing awareness about the critical importance of DNS security is the first step in improving the risk of being attacked. Moving to a more proactive approach will add even more protection. No business can afford to hemorrhage money — that's management 101. It also can't afford to lose precious data, experience time offline, and reputation, all three of which lead to lost revenue. Addressing DNS weaknesses now will help keep companies solvent in the future.