EfficientIP, a specialist in DNS [domain name system] security for service continuity, user protection and data confidentiality, has announced the results of its 2020 Global DNS Threat Report. The annual research, which was conducted in collaboration with market intelligence firm International Data Corporation (IDC), sheds light on the frequency of the different types of DNS attack and the associated costs for the last year.
According to the study, nearly four out of five organizations (79%) experienced DNS attacks, with the average cost of each attack hovering around $924,000. The report shows that organizations across all industries suffered an average 9.5 attacks this year. Per the analysts, these figures illustrate the pivotal role of the DNS for network security, "as threat actors make use of DNS’ dual capacity as either a threat vector or a direct objective."
In terms of regional damage from DNS attacks, North America led in the reporting with an average cost of attack at $1,073,000. This represents a modest decrease by about 1.36% from the year prior. While the United States saw nearly a 4% decrease in attack damages, it still has the highest cost globally at $1,082,710, finds the study.
The analysis finds that attackers appear to increasingly target the cloud. Why is this? As the number of business-critical applications hosted in hybrid-cloud environments has increased, so has the attack surface for cybercriminals. The Threat Report shows that companies that suffered cloud service downtime increased from 41% in 2019 to 50% in 2020, a sharp growth of nearly 22%.
For the reporting period, the analysts say in-house app downtime remained extremely high: 62% this year compared to 63% last year. As a whole, application downtime—whether in-house or in the cloud—remained the most significant result of DNS attacks; of the companies surveyed, 82% said that they had experienced application downtime of some kind.
The increased adoption of cloud services during the global COVID-19 pandemic could make the cloud even more attractive for DNS attackers going forward, adds the report.
“Recognition of DNS security criticality has increased to 77% as most organizations are now impacted by a DNS attack or vulnerability of some sort on a regular basis,” says Romain Fouchereau, Research Manager European Security at IDC. “The consequences of such attacks can be very damaging financially, but also have a direct impact on the ability to conduct business. Ensuring DNS service availability and integrity must become a priority for any organization."