Governments suffer $6.7 million in DNS cyberattack damage yearly

Government organisations suffer an average of 12 DNS attacks per year, with each attack costing an average of $558,000, amounting to $6.7 million annually, the 2019 Global DNS Threat Report shows.

Research from IDC, sponsored by EfficientIP, shows that over half (51%) of government organisations suffered in-house application downtime as a result of DNS attacks in the last 12 months, rendering potentially vital services inaccessible.

At the same time, 43% faced cloud service downtime. Another 41% of organisations were impacted by compromised websites, putting data at risk.

Almost one in five (19%) government respondents also reported sensitive information or intellectual property being stolen via DNS, by far the highest among all industries.

The typical DNS attack takes over seven hours for government organisations to mitigate, leaving the door wide open to a huge potential loss of sensitive personal and financial data.

Over half (51%) of government respondents admitted to shutting down a server to stop an attack once underway, indicating that the countermeasures in place are not adapted to ensure service continuity.

Despite the risk, one-third (32%) of government respondents don’t recognise the critical nature of DNS to operations, stating DNS security is only low or moderately important. Furthermore, one third (32%) of government sector respondents don’t perform analytics on DNS traffic, suggesting respondents are potentially unaware of how DNS downtime deprives users access to essential applications or government services.

Nick Itta, VP of sales ion Asia Pacific at EfficientIP, said that while stronger cybersecurity laws have been implemented, there is a need to focus on improving DNS’ resilience, and implement stricter cybersecurity safeguards, including DNS security solutions.

“Our latest research shows governments are significantly more exposed than other sectors to DNS attacks,” saidDavid Williamson, CEO of EfficientIP. “This is unacceptable when governments are trusted with sensitive information by their citizens, so they need to understand the potential risks to protect both themselves and the public.”