Articles Cloud Cloud News Datacenter

It costs $715,000 to mitigate a DNS attack in 2018: EfficientIP report

On average, a DNS attack costs $715,000 to organizations globally, up from $456,000 a year before, according to 2018 DNS Threat Report by EfficientIP.

EfficientIP surveyed 1000 organizations around Europe, Asia Pacific and North America to analyze the technical and behavioral causes of the rise in DNS (domain name system) threats, their effects on business, and remedies.

The report highlighted that organizations faced average seven DNS attacks in 2017, which costed around $5 million in damages. The organizations which don’t secure the DNS are at a higher risk of data loss, service downtime, compliance failure or compromised public image.

Key findings of the 2018 DNS Threat Report:

  • Average cost per attack increasing YoY

77% of the organizations were found subject to a DNS attack in 2018. The research shows that the average cost of damages caused by a DNS attack has increased by 57% over the previous year. The cost per attack varied country by country. For instance, cost per attack in France is $974,000, whereas it costs $654,000 to organization in North America.

  • DNS-based malware and phishing: Top DNS threats in 2018

DNS-based malware (36%) and Phishing (36%) are the most popular DNS threats in 2018, both of which have increased as compared to last year. Along these attacks, the DDoS attacks, Lock-up Domain attacks, and DNS Tunneling are the top DNS attacks, each of which accounts for 20% of all the DNS attacks in 2018.

  • DNS attacks damage brand image

The major cyber-attacks like WannaCry and NotPetya caused financial/brand damage and customer churn for organizations globally.

Due to DNS attacks, 40% of the organizations suffered cloud outages, 33% were victims of data theft, whereas, 22% lost their business. On average, an organization takes 7 hours to mitigate the attack, up 40% from a year before.

  • All industries vulnerable to DNS attacks

Further, the report revealed that all the industries are vulnerable to DNS attacks. The public sector takes the longest to mitigate an attack, while healthcare faces the highest cloud downtime. The telecom sector had the most sensitive customer information stolen, while it costed the highest to financial sector.

Also read: Biggest cloud security challenges in 2018 and their solutions

“Worryingly, the frequency and financial consequences of DNS attacks have risen and businesses are late in implementing purpose-built security solutions to prevent, detect and mitigate attacks. On the positive side, business and IT leaders globally now have a better understanding on why DNS is fundamental to ensuring business continuity and data confidentiality, so securing DNS has become a top priority for them,” said David Williamson, CEO of EfficientIP.

Read full report here.

Cloud Cloud News News

25% of businesses had their data stolen from public cloud: McAfee Study

One-in-four businesses experienced data theft from a public cloud, and one-in-five businesses experienced an advanced attack against their public cloud infrastructure, as per a report released by the cybersecurity firm – McAfee.

The report, “Navigating a Cloudy Sky”, is based on the sampling of 1400 IT personnel, and was released at the RSA Conference in San Francisco.

The report outlined the current cloud adoption state, concerns with the public and private cloud services, security implications in the cloud and the impact of unmanaged cloud usage.

It was found that inadequate visibility and control were the greatest challenges to cloud adoption in any organization. However, the business benefits of cloud and availability of modern cloud security tools outweighed any security concerns, helping it move ahead.

“Despite the clear prevalence of security incidents occurring in the cloud, enterprise cloud adoption is pressing on,” said Rajiv Gupta, senior vice president of the cloud security business unit at McAfee. “By implementing security measures that allow organizations to regain visibility and control of their data in the cloud, businesses can leverage the cloud to accelerate their business and improve the security of their data.”

Other findings of the report have been summarized here:

  • Rise in cloud adoption

McAfee found that the number of businesses who used public, private and hybrid cloud had increased from 93% to 97% in the last one year. The rise in cloud adoption was significant at the hybrid cloud front.

Of the businesses who used any kind of cloud services, 88% of them stored sensitive data in the public cloud. 69% of the businesses trusted public cloud to keep their data safe. Whereas, 16% stated that they stored no sensitive data in the cloud.

61% of the businesses said that the most common sensitive data stored on the cloud was the personal information of their customers. 40% stored internal documentation, payment card details, personal staff information, and government identification data. Whereas, around 30% stored intellectual property, healthcare records, competitive intelligence and network pass cards in the cloud.

  • Malware attacks have increased

The highlight of the survey report was that one in every four businesses who used IaaS, PaaS, or SaaS cloud service had their data stolen, and one in five had experienced an advanced attack against the public cloud infrastructure.

Furthermore, the malware attacks against the cloud applications rose from 52% to 56% over the course of one year. 25% of the businesses said that the malware was injected to the cloud by phishing.

  • Decline in ‘shortage of cybersecurity skills’

The positives from the survey were that the ‘shortage of cybersecurity skills’ and its impact on the cloud adoption in the organizations had decreased.

The number of organizations who reported ‘no skills shortage’ increased from 15% to 24% in one year.

Of the organizations who reported ‘skills shortage’, only 40% reduced the rate of cloud adoption, compared to 49% last year.

  • GDPR to fuel cloud adoption

With General Data Protection Regulation (GDPR) coming in action next month, the service providers will have to ramp up their compliance efforts. With the better compliance and security in the cloud, the businesses will be more confident about cloud adoption.

Only less than 10% businesses said that they might decrease their cloud investment because of GDPR.

Key takeaways – recommended security practices

  • Integration of development DevOps and DevSecOps within the business environments can improve the quality of coding and reduce the vulnerabilities.
  • Automation that brings together the human advantages and machine advantages are critical for modern IT operations. The use of tools like Chef and Puppet can be useful on this front.
  • The use of a unified management platform across multiple clouds, rather than multiple management tools for multiple cloud, can reduce the costs and increase the security.

Also read: McAfee Cloud Workload Security with container support to aid enterprises accelerate cloud business with compliance and security