One of the main business challenges today is still very much keeping pace with the mass of ever-growing and changing security threats. As per BIS, Infosecurity and PwC’s 2015 Information Security Breaches survey, 72 percent of organizations had data or employee-related breaches in 2015 - and global businesses lost an estimated £158 million in 2016 according to IBM and Ponemon Institute.
Yet many companies still are not taking security seriously enough and expect fewer security instances now. This reactive approach is no longer good enough and means a threat may already be causing massive damage by the time it is identified.
Not only are DDoS attacks steadily increasing, but we have also seen a massive rise in new threats such as ‘DNS tunneling’ - where the DNS protocol is used to steal data. DNS water torture is another tactic, also known as a ‘Slow Drip DDoS attack’, which makes a victim’s domains appear inaccessible. If you have not heard of these types of threats, ask your IT department – your data may already be at risk.
The repercussions of these breaches are not just short-term monetary issues due to application downtime; they can also include long-term loss of business due to permanent brand damage. We recently spoke with almost 100 UK-based organizations, and it was revealed 67 percent of UK businesses believe DNS security is critical for the business, yet only 27 percent were aware of the different types of vulnerabilities.
How susceptible are UK organizations to DNS attacks?
In 2016, almost 15 percent of UK businesses were involved in Zero Day attacks – higher than their US counterparts – while nearly 20 percent experienced DNS, DoS and DDoS attacks. Furthermore, around 20 percent have also been subject to cache poisoning (data corruption) in the past 12 months – again more than US organizations, along with a higher amount of DNS Amplification attacks.
In terms of new threats, almost 10 percent of UK organizations have been victims of DNS tunneling, and nearly five percent have experienced DNS water torture.
These results certainly point to UK companies being susceptible to DNS attacks – and more so than US organizations. Many UK businesses are also losing considerable sums of money from DNS attacks, especially in comparison to those in mainland Europe. Almost seven percent of UK businesses estimated DNS attacks had cost them between $1million and $5million – higher than in France, Germany, and Spain - while 17 percent believed previous attacks had cost them between $100K to $500K.
Are effective measures being deployed to mitigate DNS attacks in the UK?
UK businesses may be losing more money from attacks because of the steps they use to reduce the effects of these breaches. In comparison to organizations across the rest of the world, more UK businesses shut down their servers when faced with an attack than anywhere else, a huge thirty-one percent.
A further 20 percent also closed down specific affected processes and connections, and 17 percent disabled applications. These companies risk both short and long-term damage to business through inadequate and reactive DNS security measures. For many, this may be a result of the organization trying to solve the issues internally, and this is what their IT departments have been trained to do.
What is the extent of the damage to UK business?
UK organizations are already experiencing more short and long-term damage to business than the US and mainland Europe. Reactive measures to security threats - such as shutting down servers - are causing damage to business availability and reputation. Almost 18 percent of UK businesses have experienced loss of business from an attack – and almost 16 percent have suffered brand damage. Further still, nearly 24 percent have had their website comprised, and application downtime has impacted 35 percent.
On the bright side, the UK experiences less application downtime in comparison to its US peers following a DNS attack. 41 percent of UK-based organizations were also able to mitigate an attack in less than ten minutes. This makes it evident that the UK has the skills and resources to deal with DNS attacks, but perhaps they need to put more proactive measures into action too.
What next for UK enterprises and their IT departments?
The reality is DNS attacks are becoming increasingly sophisticated and are only going to cost businesses more and more. Recent news stories featuring high-profile cyber-attacks such as TalkTalk and British Gas highlight the importance of cybersecurity.
However, it is apparent that the UK still has a long way to go until it is as proactive as Europe and the US. For example, the DDoS attack on the academic computer network Janet in December 2015 persisted for several days and crippled multiple internet connections. Nothing quite like this has been seen in Europe. Although many organizations are beginning to take notice, those that are not, (or are not fully prepared), are at risk of permanent loss of data, and more importantly overall business.