39%EfficientIP 2018 DNS Threat Report proves European organizations
suffer most from global network attacks
EfficientIP, a leading specialist in DNS security to ensure service continuity, user protection and data confidentiality, revealed the European results of its 2018 DNS Threat Report. The research explored the technical causes and behavioral responses towards DNS-based threats and their potential effects on businesses across the world. Globally, 77% of organizations faced DNS attacks in the past year with each attack costing European businesses an average of €734,000. The consequences of not securing DNS increases the risk of data loss, service downtime, compliance failure or compromised public image.
David Williamson, CEO of EfficientIP summarized the research, saying, “New regulation made it necessary for every organization to ensure the data they keep is secure. Surprisingly, our research shows European organizations have invested the least globally in technology, which can prevent data theft. This could be a reason as to why the region had the most data stolen. In the year ahead, it will be interesting to see how European companies will prevent data theft and avoid regulatory fines.”
DNS attacks cost European businesses the most
DNS is the gateway to every corporate network and malicious actors are targeting it as a way to steal sensitive information. The research shows the average cost per DNS attack for European organizations has risen by 43% over the past year to €734,000, much higher than their North American and Asia Pacific counterparts. French organizations had the highest cost per attack at €847,000 and the UK had highest cost increase at 105% to €684,000. German organizations have reduced the impact of DNS attacks over the last year, increasing only by 15% this year.
Attacks dent revenue, but cloud services are better protected
On average, European companies suffered the most data theft at 39%, higher than the global average at 33%. Nearly half of French organizations admitted to losing sensitive data (48%) and UK companies suffered the least in the region at 32%. A third of European organizations had their websites compromised, with nearly half (48%) of Spanish organizations admitted to website downtime. A quarter (25%) of French organizations suffered loss of business as a consequence of DNS attacks.
European organizations are more effective than their global peers at protecting their cloud services. On average, a third (34%) of European businesses suffered cloud downtime, lower than the global average at 40%. Within the region, France has the most cloud outages due to DNS attacks at 41%, whereas Germany was the lowest at 28%.
DNS-based malware most prevalent in Europe
The top five DNS-based attacks in Europe reflect the global top five, with DNS-based malware (39%) being the most popular attack faced in the region, followed by phishing at 34%, DNS DDoS attacks at 20%, DNS tunneling at 19%, domain lock-up at 18%. DNS-based malware were more prevalent than anywhere else in world, with Germany facing the most attacks at 44%. Spanish organizations faced more DNS tunneling attacks at 24% than their European peers.
European businesses underinvest in keeping data confidential
DNS is recognized as a prime target for data exfiltration. Protecting the DNS requires monitoring and analysis of traffic to identify threats once they enter the corporate network. Conventional end-point and firewall technologies primarily focus on protecting the perimeter of every corporate network, therefore they are redundant once the threat moves inside.
European companies prioritized investment in securing network endpoints (38%), the monitoring and analysis of DNS traffic at 36%, and followed by firewalls at 20%. It’s positive to see DNS investment move into the top three, but more can be done in this area, and it maybe why European organizations had the most data stolen within the last year.
Research data
Statistic |
Global |
EU |
UK |
France |
Germany |
Spain |
Regional Average |
Average cost of attack |
$715,000.00 |
$785,630.00 |
$974,190.00 |
$905,190.00 |
$710,180.00 |
$843,798.00 |
Data theft via DNS |
33% |
32% |
48% |
36% |
39% |
39% |
Organizations putting Top Priority on DNS Analysis for protecting data |
38% |
32% |
35% |
39% |
37% |
36% |
DNS-based Malware |
36% |
35% |
38% |
44% |
38% |
39% |
Phishing |
36% |
35% |
34% |
37% |
28% |
34% |
DNS Tunneling |
20% |
18% |
19% |
15% |
24% |
19% |
Domain Lock-up |
20% |
17% |
22% |
15% |
16% |
18% |
DNS DDoS Attacks |
20% |
19% |
21% |
20% |
20% |
20% |
Average cost of attack increasing (2017 figure) |
$456,000 |
$382,000 |
$658,000 |
$784,000 |
$534,000 |
$590,000 |
Average cost of attack increasing (2017 figure) in Euro |
€397,000 |
€332,000 |
€572,000 |
€682,000 |
€465,000 |
€513,000 |
Average cost of attack increasing (2017 figure) in £ |
£342,000 |
£287,000 |
£494,000 |
£588,000 |
£401,000 |
£442,000 |
Average cost of attack increasing (2018 figure) |
$715,000 |
$786,000 |
$974,000 |
$905,000 |
$710,000 |
$844,000 |
Average cost of attack increasing (2018 figure) in Euro |
€622,000 |
€684,000 |
€847,000 |
€787,000 |
€618,000 |
€734,000 |
Average cost of attack increasing (2018 figure) in £ |
£536,000 |
£590,000 |
£731,000 |
£679,000 |
£533,000 |
£633,000 |
Percentage increase 2017 v 2018 |
57% |
105% |
48% |
15% |
33% |
50% |
Companies suffering brand damage |
23% |
23% |
26% |
24% |
19% |
23% |
Compromised website |
33% |
25% |
26% |
37% |
48% |
34% |
Application Downtime |
31% |
26% |
21% |
26% |
17% |
23% |
Loss of Business |
22% |
21% |
25% |
16% |
18% |
20% |
Cloud service downtime due to DNS attacks |
40% |
35% |
41% |
28% |
32% |
34% |
Monitoring & Analyzing DNS Traffic |
38% |
32% |
35% |
39% |
37% |
36% |
Securing network endpoints |
35% |
35% |
40% |
37% |
39% |
38% |
Adding more firewalls |
21% |
27% |
17% |
18% |
18% |
20% |
|