Ben Birchall - WPA Pool / Getty Images
show image

Oscar Williams

News editor

Is DNS security the weakest link in businesses’ cyber defences?

The cost of domain name system (DNS) attacks has more than doubled in the last year, according to EfficientIP’s latest global threat report. Research commissioned by the security vendor found the average annual cost of DNS attacks had risen from $1.8m (£1.38m) to $5m (£3.82m).

The soaring cost has been driven by a spike in the number of attacks, with businesses suffering an average of 7.1 DNS strikes per year, up from 3.7 in 2017, and attacks becoming more costly. The average cost of a single strike rose from $456,000 (£350,000) to $715,000 (£548,000).

Speaking to NS Tech at IP Expo this week, Nick Fennell, a pre-sales engineer at EfficientIP, said DNS attacks are on the rise because the DNS, the system which converts domain names into IP addresses, is among the easiest targets available to cyber criminals.

“DNS is the weakest kid in the school right now because everything else has been hardened,” says Fennell. “Attackers are now wise to the fact no one’s doing anything about it. They’re not going to waste time trying to penetrate £100,000 smart firewalls.”

Meanwhile, attacks are becoming increasingly disruptive. “DNS is the single most used resource on the internet,” says Fennell. “It is the unified directory of resource for everything. It’s a great resource for to diversify your offers. Businesses can understand that a user is coming from the UK and direct them to a UK-based server. We use it because network services are broadening their offers.”

EfficientIP’s data, which was based on a survey of 1,000 technology decision makers, found some industries were especially vulnerable to the attacks. The cost of a typical attack in the finance sector, for example, averaged $924,000 (£706,000) over the last 12 months.