While we hear a lot about DNS threats, we tend to think of how they will affect us personally and aren’t really looking at everything they could attack. But we need to remember many of these attacks are on businesses which also affect us. Yet, businesses are continuing to not protect themselves against DNS attacks, which costs millions and affects us, the consumers.
As Efficient IP reports, “At this rate, organizations are literally bleeding out — losing money, data, time, reputation, and more.”
2019 Global DNS Threat Report
Anything that connects to the Internet, including Internet of things devices, computers, etc., needs an IP address, and that needs a DNS (domain name system) server. It’s a naming system for anything that connects to the Internet or a private network.
This means anything used to connect to the Internet, including computers, mobile devices, and IoT devices, are threatened under a DNS attack.
Efficient IP reports that the trends in DNS threats are the worst in the five-year history of the report that examines threats to businesses. The average cost of a DNS attack in the United States is more than $1.27 million. Almost half of the businesses lose more than $500K, and close to 10 percent lose over $5 million. That’s not overall in a year – that’s each time they have a breach.
Other than financial loss, there is the damage that is caused to the business before it can be repaired. The majority of U.S. businesses took more than a day to resolve it. This means they’re offline for an entire business day.
Most affected are in-house applications, at 65 percent of time time. Cloud services became unavailable in 41 percent of cases in the U.S., and a company’s website was compromised in 44 percent of the cases. Loss of business and brand damage occurred in over a quarter of the cases, and 13 percent of the time customer information or intellectual property was stolen.
Efficient IP claims all industries are threatened, yet, “in particular, financial services, healthcare, and retail topped the list of most targeted sectors, which is likely due to the type of customer data these organizations house – personal and financial information,” and that makes sense.
“Globally, government organizations reported the largest amount of sensitive information stolen and took the longest to fix the issue, with nearly one-third reporting it took almost an entire workday (eight hours) or more to resolve the attack, and 70 percent took two days or more to install a security patch. That’s hours and hours of extreme vulnerability.”
With that extreme vulnerability, why are businesses not doing more to protect themselves? Efficient IP reports many U.S. organizations think protecting DNS is only moderately important, but “when the DNS is impacted, so is your entire network, including access to all of the applications that run your business.”
Additionally, “internal threat intelligence based on real-time analysis of DNS transactions isn’t properly in place. Perimeter network security isn’t enough, everyone inside and outside the organization must be seen as a risk, so this is where adopting a zero-trust strategy is critical.”
How This Is Affecting IoT
This has a direct effect on IoT, though it may not seem like it. We have talked many times before at IoT Tech Trends about IoT devices being prone to security attacks. All that data you have saved on your device is vulnerable to the brand’s lack of taking DNS threats seriously.
For instance, let’s take a look at security cameras. If the company you bought it from that also keeps your camera footage in the cloud suffers a DNS attack, your personal information, location, and camera footage is vulnerable to being stolen.
That is the scary part here. Even if you maintain great security practices, the business handling your information may not be, and there isn’t much you can do about it, other than not use Iot devices, and some people don’t for that very reason.
Does this news about a lack of DNS security in businesses worry you? Let us know how you feel about it in a comment below.