The UK’s public sector organisations face a future of paying out increasingly large sums of money as they become a target for DNS attacks.
UK councils, schools, and government offices joined the ranks of global organisations that were hit by DNS attacks, with around half of the organisations having to pay out hundreds of thousands of pounds due to having to fix the problem.
According to the 2017 Global DNS Threat Survey Report from EfficientIP 19% of public sector sites and 11% of education bodies affected by DNS attacks say that sensitive information was stolen, but in the UK overall that is 16%.
Around 20% of public sector and 12% of educational victims also think that IP data was stolen, compared to 15% for UK organisations as a whole.
According to the report, 76% of all respondents were subjected to at least one DNS attach in the last 12 months, with 28% suffering data theft.
Unfortunately, there’s a number of issues that are exaggerating the problem. Failure to adapt security solutions to protect DNS, a lack of awareness of the variety of attacks, poor responses to vulnerability notifications, all point to a lot of issues that need to be overcome.
“The results once again highlight that despite the evolving threat landscape and the increase in cyber-attacks, organisations across the globe and their IT departments still don’t fully appreciate the consequences of DNS-based attacks,” said David Williamson, CEO EfficientIP.
The report highlights some key steps that can be undertaken to ensure continuity of service and data protection for all parties involved. It suggests: replacing ineffectual firewalls and load balancers with purpose-built DNS security technology. Keeping DNS security up-to-date by patching DNS servers more often, and enhancing threat visibility by using deep DNS transaction analysis.
The report was conducted by Coleman Parkes from February to March 2017 with 1,000 respondents across APAC, Europe, and North America.