EfficientIP has published the findings of its eighth annual ‘2022 Global DNS Threat Report’, conducted by market intelligence firm IDC on its behalf. The research reveals the damaging impacts that Domain Name System (DNS) attacks have had on global organizations’ operations over the past 12 months. The report uncovers how despite 73 percent of organizations knowing that DNS security is critical to their business, cyber criminals are still infiltrating the network and causing significant business disruption, resulting in the shutdown of cloud and on-premise applications and theft of data.
As enterprises continue to strike a balance between supporting remote workers and mitigating the network security risks posed by the rise in hybrid work models and reliance on cloud applications, the results show that 88 percent of organizations have experienced one or more DNS attacks on their business.
Securing the DNS and ensuring the integrity of the network so that threats are detected and mitigated before they propagate becomes even more critical to guaranteeing continuous business operations, with organizations detailing how they have, on average, been hit by seven attacks in the past 12 months.
A DNS attack does not just result in an inconvenient business disruption but can be a costly expense for organizations. Each successful attack costs the business, on average, $942,000.
In the past 12 months, APAC has become the region with the highest average cost of a successful attack at $1,036,040, an increase of 14 percent when compared to 2021, while EMEA and North America’s average cost of successful attack has decreased by 4 percent and 7 percent respectively. Malaysia (21 percent), Germany (18 percent) and both India and the UK (14 percent each) experienced the highest increase in the cost of an attack, while Spain saw its cost of damages plummet by almost half (48 percent) when compared to 2021. France and the US were the only other countries that saw a decline in the average cost with 21 percent and 5 percent respectively.
Cybercriminals are continuing to use all available tools to gain access to networks, disrupt the business and steal data by specifically targeting the hybrid workforce, with DNS-based attacks becoming increasingly pervasive across all industries. In the last year, 70 percent of organizations suffered with in-house and cloud application downtime, with the average time to mitigate these threats increasing to 6 hours and 7 minutes, meaning that employees, partners, and customers were unable to access any services.
The top five DNS-based attacks experienced by organizations are Phishing (51 percent), Malware (43 percent) DDoS (30 percent) DNS tunnelling (28 percent) and hijacking/credential attack (28 percent).