DNS attacks are costing businesses more than $1 million (£702K), however 25 percent of organisations are still not implementing any kind of basic security software.

EfficientIP's first ever DNS Security Survey evaluated 995 senior security pros across various-sized enterprises in North America, Europe and Asia Pacific and found that 74 percent of CSOs and network directors have been victimised by DNS attacks.

Despite 79 percent being aware of the risks associated with DNS, only 59 percent use any form of DNS security. Almost 30 percent still don't rate DNS as an important part of their business.

The top three DNS attacks that have the largest impact on an organisation are DDoS attacks (22 percent in last year), data exfiltration (12 percent in North America, 39 percent in Asia during the last year), and zero-day vulnerabilities (almost 20 percent in the last year).

Only 23 percent of respondents recognised zero-day attack or DNS tunneling as risks and only 30 percent were aware of DDoS attacks. Most businesses still rely on ‘out-of-the-box' non-secure DNS servers offered by Microsoft or Linux.

“Despite the massive increase in cyber-attacks, companies and their IT departments still don't fully appreciate the risks from DNS-based attacks. In just under two years GDPR will come into effect and companies will be held responsible for all security breaches and could face major fines. It's crucial for all businesses to start taking DNS security seriously,” said David Williamson, CEO at EfficientIP.