UK councils, schools and government offices were among global public sector and education organisations hit badly by DNS attacks last year – with nearly half reporting that dealing with the issue cost them hundreds of thousands of pounds.
One example is the UK education network (Janet) which suffered a DDoS attack in April 2016, resulting in students and teachers in the UK being unable to connect to the apps offered by their university for almost 48 hours.
One in five (19%) of public sector sites and 11% of education bodies affected by DNS attacks say sensitive information was stolen, compared to 16% in the UK overall.
A fifth (20%) of public sector and 12% of educational victims also think intellectual property data was lost compared to 15% for UK organisations overall, while 10% of schools and colleges affected say they needed to take more than one day to recover.
This comes as the yearly average cost of DNS security breaches is now running at £1.7 million ($2.2 million) for organisations globally, with malware (35%), DDoS (32%), cache poisoning (23%), DNS tunnelling (22%) and zero-day exploits (19%) as the main threats.
The disturbing findings come from the 2017 Global DNS Threat Survey Report from EfficientIP, a leading provider of network services. According to the report, 76% of all respondents were subjected to at least one DNS attack in the last 12 months, with 28% suffering data theft.
EfficientIP’s CEO, David Williamson, also points out that the imminent (May 2018) arrival of the General Data Protection Regulation (GDPR) should sound loud alarm bells for CIOs and CISOs working in the sectors. “In less than a year, GDPR will come into effect, so organisations really need to start rethinking their security in order to manage today’s threats and save their businesses,” he added.
The survey examines the technical and behavioural causes of the rise in DNS threats and their potential impacts on businesses across the world.
Lack of awareness as to the variety of attacks
● Of all sectors, global education organisations demonstrated the poorest awareness of the top 5 DNS-based attacks with 40% of them being aware of DNS tunnelling, 39% of DNS-based malware, 34% of DDoS, 29% of cache poisoning and 19% of zero-day exploits.
● Public sector awareness was better but still not good enough, with only 48% of organisations aware of DNS-based malware, 37% of cache poisoning, 36% of DDoS, 35% of DNS tunnelling and 23% of zero-day exploits.
Failure to adapt security solutions to protect DNS
● It is no wonder that over a third (35%) of public sector organisations and a quarter (25%) of education organisations were subjected to DNS-based malware in the past year, along with DDoS (31% and 22% respectively), cache poisoning (26% and 24%), DNS tunnelling (20% and 19%) and zero-day attacks (19% and 13%).
● 49% of education sector DNS victims also stated the size of the DDoS attack they faced was between 1Gbits/sec and 5Gbits/sec and almost a third (30%) between 5Gbits/sec and 10Gbits/sec.
● Although 59% of public sector organisations and 57% of education organisations have a hosted/cloud DNS Appliance base, 36% and 35% respectively suffered cloud service downtime in the last 12 months.
● In terms of damage cost, 47% of public sector organisations revealed the final bill was between £77,000 and £231,000 ($100,000 to $300,000) – but 15% said the cost was between £385,000 and £770,000 ($500,000 to $1,000,000).
Poor responses to vulnerability notifications
● When it comes to mitigation, 30% of public sector organisations had to close down specific processes, which is the outcome attackers intended, but the majority (36%) responded by applying an immediate patch to fix the affected processes.
● 42% of public sector organisations also needed almost a full business day (six hours) to restore their systems (35% took the same time in education).
● In 2016, 72% of public sector organisations applied only between four and ten patches (out of the 11 critical security patches released in the same period). This number was even higher in education, at 89%.
“The results once again highlight that despite the evolving threat landscape and the increase in cyber-attacks, organisations across the globe and their IT departments still don’t fully appreciate the consequences of DNS-based attacks,” added Williamson.
The following steps can be taken by organisations to ensure continuity of service and data protection for themselves, their users and clients:
1. Replace ineffectual firewalls and load balancers with purpose-built DNS security technology.
2. Keep their DNS security up to date by patching DNS servers more often.
3. Enhance their threat visibility by using deep DNS transaction analysis.