New research from EfficientIP has revealed that government organisations were hit by the highest number of Domain Name System (DNS) attack per year.
In its IDC 2019 Global DNS Threat Report, governments suffered an average of 12 DNS attacks per year – with each attack costing an average of $558,000. This amounts to a loss of $6.7 million annually.
Over half (51%) of government organisations reported suffering in-house application downtime as a result of DNS attacks in the past year, whilst 43% reported facing cloud service downtime.
Nearly a fifth (19%) of government respondents reported sensitive information or intellectual property being stolen via DNS, by far the highest among all industries.
Over half of government respondents (51%) admitted to shutting down a server to stop an attack underway – indicating to a poor level of incident response and that the countermeasures put in place are not adapted to ensure service continuity.
With all this risk in mind, 32% of respondents didn’t recognise the critical nature of DNS to operations – citing that DNS security is low or moderately important. Additionally, 32% admitted to not performing analytics on DNS traffic.
David Williamson, CEO of EfficientIP, commented on the report’s findings:
“With an increasing number of government services moving online, hackers have more points of attack to exploit than ever before. When 91% of malware uses DNS, analysis of DNS transactions is vital for uncovering these dangerous threats hidden in network traffic. In particular, the detection of data exfiltration via DNS requires visibility and analytics on transactions from the client to the destination domain.
“Despite this, our latest research shows governments are significantly more exposed than other sectors to DNS attacks. This is unacceptable when governments are trusted with sensitive information by their citizens, so they need to understand the potential risks to protect both themselves and the public.”
The post #Privacy: Governments lose nearly $7m to DNS attacks each year appeared first on PrivSec Report.