NEW STUDY SHOWS MOST INTERNET-DEPENDENT BUSINESSES LOSING COSTLY BATTLE AGAINST DNS ATTACKS
Denver, CO, July 17, 2007 – A recent independent study of 465 IT and business professionals has revealed that companies are having to deploy a costly and often complex mélange of security measures to keep their DNS (Domain Name Systems) protected from malicious attackers. Even so, many businesses remain vulnerable, as over half the respondents reported having fallen victim to some form of malware attack. Over one third had been hit by a denial-of-service attack while over 44 percent had experienced either a pharming or cache poisoning attack. Findings showed both external and internal DNS servers were equally vulnerable, as both types succumbed to attacks with roughly the same frequency.
Mazerov Research and Consulting – an international provider of technology and market research – conducted the study on behalf of Secure64 Software Corporation.
The findings underscore a disturbing trend as businesses are forced to find new ways to protect their IT infrastructure from Internet-based intrusions, yet are placing an incredibly high degree of dependency on continuous Internet connectivity. In this survey of businesses decision-makers, over half (54 percent) explained their companies are ‘totally or extremely dependent’ on uninterrupted Internet connectivity; another 26 percent said their company was very dependent. Only 6 percent said their company was not very dependent on Internet connectivity. Growing business dependence on Internet connectivity is the very vulnerability that allows malware to attack DNS.
Reliability, Immunity, Availability Most Important
Not surprisingly, respondents placed a high premium on being able to count on their DNS to work consistently and to ward off potentially crippling attacks. When asked to name an essential or extremely important attribute of a DNS solution, the top five responses included:
- Reliability (67 percent)
- Immunity to exploits, rootkits and malware (54 percent)
- Availability during denial-of-service attacks (52 percent)
- Simple to manage (48 percent)
- Fast query responses – low latency/high performance (46 percent)
However, respondents admitted that trying to achieve these “must-have” DNS characteristics was challenging and required a significant investment in time, money and effort. Three-fourths of all respondents devote valuable resources to continuously patch their operating systems. Others reported having to harden operating systems, invest in dedicated firewalls, and add DNS appliances, DoS mitigation services and other network security devices. On average, respondents typically use at least 3.5 overlapping methods simultaneously to shore up their DNS security.
Downtime and Potential Damage, Loss
When asked how long their business could weather being taken offline before significant problems occurred, IT personnel were more sensitive to the issue than those occupying C-suites. According to the study, C-level executives estimated they could withstand losing Internet connectivity for just over two hours (126 minutes), whereas IT managers estimated it would only be 105 minutes before significant problems arose. Other IT personnel – who may be most directly responsible for maintaining Internet uptime – estimated an even shorter timeframe at an average of 72 minutes.
Respondents were also asked to assess what the likely impact would be on the health of their business if they were to experience a loss of Internet connectivity for a significant period of time. Maybe most alarming was 12 percent of participants claimed they would be extremely or somewhat likely to go out of business completely. Other responses included:
- Loss of productivity (74 percent)
- Unable to conduct the most basic business functions (54 percent)
- Loss of significant revenue (40 percent)
- Brand damage would suffer (39 percent)
When asked what the most catastrophic problem would be in the event of a major Internet disruption, 37 percent feared losing email whereas 47 percent identified the disruption of other Web-dependent services such as e-commerce, VOIP and customer support. Surprisingly, only 17 percent indicated that a failure of their DNS – the underlying system that makes email and other Web services possible – would be their most catastrophic problem.
“IT professionals are clearly facing a Sisyphean task when it comes to keeping their DNS secure,” stated Bob Mazerov, founder and principal of Mazerov Research. “What’s particularly interesting is that most respondents perceived the loss of email and other Web services as being a bigger problem than the loss of DNS. This suggests an enduring lack of focus, attention and awareness among IT and business professionals regarding the important and primary role DNS plays within the infrastructure of today’s Internet-dependent enterprise.”
About the Research Study
Mazerov Research & Consulting, LLC of Denver conducted the survey of IT professionals in February/March of 2007. The Internet-based survey was conducted online among 465 respondents nationwide, all with authority in their IT department and authority over DNS; among decision-makers across a breadth of industries from government to manufacturing to media and tourism; and included VARs, Integrators and ISPs. Virtually all economic sectors were included. The survey was also conducted across company size from under $1 million to over $250 million in revenue and from large and small IT staffs. A survey of 465 conducted using this method yields a margin of ± 4.5 percent.
Complete survey results are available on the Mazerov Research & Consulting Web site at www.mazerovresearch.com.
Headquartered in Greenwood Village, Colorado, Secure64 is a software developer providing secure, self-protecting, high performing server applications. Secure64’s core technology is SourceT®, a patented Genuinely Secure™ micro OS designed from the ground up to make the micro OS and any applications running on it immune from rootkits and malware, and resistant to network attacks. Unlike conventional operating systems with insecure architectures, SourceT does not need to be hardened, patched and protected to minimize exposure to vulnerabilities. By simplifying and consolidating network infrastructures, SourceT-based applications help IT professionals reduce the costs and risks from potential security breaches while achieving unparalleled levels of reliability and performance. For more information, visitwww.secure64.com.
About Mazerov Research & Consulting
Headquartered in Denver, Colorado, Mazerov Research and Consulting (MR&C) enables its clients to enter the market more effectively, garner market share more efficiently, and develop winning programs more economically through insightful, thoughtful use of marketing research and strategic consulting. We help our clients – small, medium and large companies in a broad range of industries – make better decisions, launch successful products and services, craft and execute more effective marketing and advertising programs, and support more effective sales programs. Since 1993, MR&C has helped clients develop over $5 billion in new products, improved sales performance, and advertising programs.
Vice President, Marketing
Founder & Principal
Mazerov Research & Consulting
Trippe and Company
Trippe and Company