Freely subscribe to our NEWSLETTER

The results come in advance of the one-year anniversary of the DDoS attack on
DNS provider Dyn last October, which knocked dozens of major sites offline
including Netflix, Airbnb, Amazon, CNN, New York Times, Twitter and more. The
widespread impact of the attack shed light on a startling reality - that many
companies have inadequate defenses when it comes to DNS security. Despite this
wake-up call, only 11 percent of companies have dedicated security teams
managing DNS, showing DNS is still not as high of a priority as it should be.

"Our research reveals a gap in the market - while we found that DNS security is
one of IT and security professionals’ top three concerns, the vast majority of
companies are ill-equipped to defend against DNS attacks," said David Gehringer,
principal at Dimensional Research. "This is exacerbated by the fact that
companies are extremely reactionary when it comes to DNS security, only
prioritizing DNS defense once they have been attacked. Unless today’s
organizations begin moving to a proactive approach, DDoS attacks such as the one
on DNS provider Dyn will become more pervasive."

Other key findings from the "Most Companies Unprepared for DNS Attacks" report
include:
– DNS Attacks Extremely Effective: Three out of 10 companies have already been
victims of DNS attacks. Of the companies that have been victims of DNS attacks,
93% experienced downtime. 40 percent were down for an hour or more,
substantially impacting their business.
– Companies Slow to Notice DNS Attacks: Despite 71 percent of companies
claiming they have real-time monitoring for DNS attacks, 86 percent of solutions
failed to be the first in notifying teams that a DNS attack was occurring.
Moreover, 20 percent of companies were first alerted to DNS attacks by customer
complaints, meaning it had already impacted their business, reputation and
customer satisfaction.
– Most Companies Vulnerable to DNS Attacks: Only 37 percent of companies were
able to defend against all types of DNS attacks (hijacking, exploits, cache
poisoning, protocol anomalies, reflection, NXDomain, amplification), meaning
that the majority (63 percent) are essentially gambling that the next DNS attack
is one they can repel.
– Reactive Rather Than Proactive: Before an attack, 74 percent of companies
focus on anti-virus monitoring as their top security focus; however, after an
attack, DNS security moves to the number one position with 70 percent claiming
it is the most important security focus. This demonstrates a reactionary
approach and that DNS is not a priority until a company has been attacked and
suffered a tangible business loss.
– DNS Has Direct Impact on the Bottom Line: 24 percent of companies lost
$100,000 or more from their last DNS attack, significantly impacting their
bottom line. 54 percent lost $50,000 or more. As the numbers show, once
websites are rendered inaccessible, all digital business and revenue comes to a
grinding halt, while internal resources are redirected to resolving the attack
rather than driving the business.

"Most organizations regard DNS as simply plumbing rather than critical
infrastructure that requires active defense," said Cricket Liu, chief DNS
architect at Infoblox. "Unfortunately, this survey confirms that, even on the
anniversary of the enormous DDoS attack against Dyn-a dramatic object lesson in
the effects of attacks on DNS infrastructure-most companies still neglect DNS
security. Our approach to cybersecurity needs a fundamental shift: If we don’t
start giving DNS security the attention it deserves, DNS will remain one of our
most vulnerable Internet systems, and we’ll continue to see events like last
year’s attack."

To download the full report "Most Companies Unprepared for DNS Attacks," visit
http://info.infoblox.com/resources-whitepapers-dimensional-research-dns-survey-report

Methodology

Participants for the study included more than 1,000 security, IT operations and
infrastructure professionals worldwide across all company sizes and verticals.