Infoblox released results of a global survey finding that DNS security is often overlooked when it comes to cybersecurity strategy, with most companies inadequately prepared to defend against DNS attacks. Surveying over 1,000 security and IT professionals worldwide and conducted by Dimensional Research, the study found that 86 percent of DNS solutions failed to first alert teams of an occurring DNS attack, and nearly one-third of professionals doubted their company could defend against the next DNS attack.
The results come in advance of the one-year anniversary of the DDoS attack on DNS provider Dyn last October, which knocked dozens of major sites offline including Netflix, Airbnb, Amazon, CNN, New York Times, Twitter and more. The widespread impact of the attack shed light on a startling reality – that many companies have inadequate defenses when it comes to DNS security. Despite this wake-up call, only 11% of companies have dedicated security teams managing DNS, showing DNS is still not as high of a priority as it should be.
“This is exacerbated by the fact that companies are extremely reactionary when it comes to DNS security, only prioritizing DNS defense once they have been attacked. Unless today’s organizations begin moving to a proactive approach, DDoS attacks such as the one on DNS provider Dyn will become more pervasive” said David Gehringer, principal at Dimensional Research.
“Most organizations regard DNS as simply plumbing rather than critical infrastructure that requires active defense,” said Cricket Liu, chief DNS architect at Infoblox. “Unfortunately, this survey confirms that, even on the anniversary of the enormous DDoS attack against Dyn—a dramatic object lesson in the effects of attacks on DNS infrastructure—most companies still neglect DNS security. Our approach to cybersecurity needs a fundamental shift: If we don’t start giving DNS security the attention it deserves, DNS will remain one of our most vulnerable Internet systems, and we’ll continue to see events like last year’s attack.”