Study shows most Internet-dependent businesses losing costly battle against DNS attacks

In early 2007, Secure64 commissioned Mazerov Research to conduct a survey of IT administrators to learn about their experiences and concerns with the DNS. The study of 465 IT and business professionals revealed that companies are having to deploy a costly and often complex mélange of security measures to keep their DNS (Domain Name Systems) protected from malicious attackers. Even so, many businesses remain vulnerable, as over half the respondents reported having fallen victim to some form of malware attack. Over one third had been hit by a denial-of-service attack while over 44 percent had experienced either a pharming or cache poisoning attack. Findings showed both external and internal DNS servers were equally vulnerable, as both types succumbed to attacks with roughly the same frequency.

Internet Dependence

The findings underscore a disturbing trend as businesses are forced to find new ways to protect their IT infrastructure from Internet-based intrusions, yet are placing an incredibly high degree of dependency on continuous Internet connectivity. In this survey of businesses decision-makers, over half (54 percent) explained their companies are ‘totally or extremely dependent’ on uninterrupted Internet connectivity; another 26 percent said their company was very dependent.  Only 6 percent said their company was not very dependent on Internet connectivity. Growing business dependence on Internet connectivity is the very vulnerability that allows malware to attack DNS.

Reliability, Immunity, Availability Most Important

 Not surprisingly, respondents placed a high premium on being able to count on their DNS to work consistently and to ward off potentially crippling attacks. When asked to name an essential or extremely important attribute of a DNS solution, the top five responses included:

• Reliability (67 percent)
• Immunity to exploits, rootkits and malware (54 percent)
• Availability during denial-of-service attacks (52 percent)
• Simple to manage (48 percent)
• Fast query responses – low latency/high performance (46 percent)

 However, respondents admitted that trying to achieve these “must-have” DNS characteristics was challenging and required a significant investment in time, money and effort. Three-fourths of all respondents devote valuable resources to continuously patch their operating systems. Others reported having to harden operating systems, invest in dedicated firewalls, and add DNS appliances, DoS mitigation services and other network security devices. On average, respondents typically use at least 3.5 overlapping methods simultaneously to shore up their DNS security.

Downtime and Potential Damage, Loss

When asked how long their business could weather being taken offline before significant problems occurred, IT personnel were more sensitive to the issue than those occupying C-suites. According to the study, C-level executives estimated they could withstand losing Internet connectivity for just over two hours (126 minutes), whereas IT managers estimated it would only be 105 minutes before significant problems arose. Other IT personnel – who may be most directly responsible for maintaining Internet uptime – estimated an even shorter timeframe at an average of 72 minutes.

Respondents were also asked to assess what the likely impact would be on the health of their business if they were to experience a loss of Internet connectivity for a significant period of time. Maybe most alarming was 12 percent of participants claimed they would be extremely or somewhat likely to go out of business completely. Other responses included:

• Loss of productivity (74 percent)
• Unable to conduct the most basic business functions (54 percent)
• Loss of significant revenue (40 percent)
• Brand damage would suffer (39 percent)
  

 When asked what the most catastrophic problem would be in the event of a major Internet disruption, 37 percent feared losing email whereas 47 percent identified the disruption of other Web-dependent services such as e-commerce, VOIP and customer support. Surprisingly, only 17 percent indicated that a failure of their DNS – the underlying system that makes email and other Web services possible – would be their most catastrophic problem.

“IT professionals are clearly facing a Sisyphean task when it comes to keeping their DNS secure,” stated Bob Mazerov, founder and principal of Mazerov Research. “What’s particularly interesting is that most respondents perceived the loss of email and other Web services as being a bigger problem than the loss of DNS. This suggests an enduring lack of focus, attention and awareness among IT and business professionals regarding the important and primary role DNS plays within the infrastructure of today’s Internet-dependent enterprise.”

About the Research Study

Mazerov Research & Consulting, LLC of Denver conducted the survey of IT professionals in February/March of 2007. The Internet-based survey was conducted online among 465 respondents nationwide, all with authority in their IT department and authority over DNS; among decision-makers across a breadth of industries from government to manufacturing to media and tourism; and included VARs, Integrators and ISPs.  Virtually all economic sectors were included.  The survey was also conducted across company size from under $1 million to over $250 million in revenue and from large and small IT staffs. A survey of 465 conducted using this method yields a margin of ± 4.5 percent.

Complete survey results are available here.

                                                                           top of page 

 US Government DNSSEC Initiative

US Government Selects Secure64 for Initiative to Secure to Secure Internet Infrastructure
Secure64 Software Corporation today announced that the Department of Homeland Security Science and Technology (S&T) Directorate has awarded a $1.2 million contract to the company to use its Genuinely Secure SourceT® micro OS in an initiative to secure one of the most critical elements of the Internet infrastructure. The contract requires delivery of a simple, automated solution to implement Domain Name System Security Extensions (DNSSEC). DNSSEC adds a critically needed level of trust to the Internet by allowing users to know with certainty that their Internet-based communications such as web site visits and email correspondence actually connect to the parties they intend to reach. Read on..[press release]

top of page 

DNSstuff helps you configure, monitor and resolve web, email and internet connectivity issues. On-demand tools and alert services make your life easier and your company more secure. Secure64 fans receive a 30% discount off purchase! Enter coupon: Secure64 (valid until 6.15.08)

Reader Survey
In the March issue of Notify we asked readers to take a survey on anycast DNS:

20% of survey respondents have never heard of anycast
20% of survey respondents are familiar with the concept
60% of survey respondents have deployed anycast in their DNS environment

top of page

Have comments or questions about the content you've read? Please feel free to contact me.

Jeff Ryan
jeff.ryan@secure64.com
303-242-5897