New research from Vanson Bourne found that more than three quarters of organizations in the United States and U.K. have suffered a domain name system (DNS) attack.
Just less than half (49 percent) of the organizations surveyed said they had experienced such an attack in the past 12 months. The most common DNS threats reported were DDoS (74 percent), DNS exfiltration (46 percent), DNS tunneling (45 percent) and DNS hijacking (33 percent) by those who had suffered an attack.
The research surveyed 300 U.S. and U.K. key IT decision makers in organizations with 1,000+ employees. It covered a variety of verticals including financial services, retail, distribution and transport, IT and manufacturing and production. The study was commissioned by Cloudmark.
A third of the respondents confirmed they had lost confidential customer information. Despite this however, 44 percent of those who found it difficult to justify DNS security investment to their company felt it was because their senior management does not see DNS security as an issue. More than half of the IT decision makers polled (55 percent) cited the theft of private or confidential data as a major concern to their organization.
“The survey findings suggest that large organizations are not only inadequately protecting company intellectual property against DNS attacks but more needs to be done to help educate businesses on the methods used by DNS attackers,” said Neil Cook, chief technology officer at Cloudmark, in a statement.
Twenty-three percent of U.K. respondents admitted they did not know if their organization had ever suffered a DNS attack. The highest incidence of DNS attacks occurred among retail, distribution and transportation verticals, with 74 percent suffering from an attack in the past 12 months.
“While DDoS threats continue to be a common method of attack to siphon off valuable resources, organizations need to review their security solutions to ensure they can protect against a multitude of other attacks including DNS exfiltration and DNS tunneling, particularly in industries where high-value data is held, such as retail and financial industries,” Cook added. “Once an organization’s data is in the hands of cyber-criminals, the brand reputation, customers and ultimately revenue of that organization can be severely affected.”