A woeful patching record and an over-reliance on firewalls are partly to blame for the telecoms industry suffering more Domain Name System attacks than any other sector, new research has revealed.

The poll by vendor EfficientIP found that telcos, which made up 10 percent of the cross-industry survey of 1,000 execs, faced on average four DNS attacks each in 2016.

A quarter of telcos admitted they lost sensitive customer information – again more than any other sector – while the average attack cost £460,000 to fix.

Moreover, 40 percent of telcos said it took them six hours to mitigate a DNS attack, the report found.

DDoS and malware were the top two threats, with DNS tunnelling, cache poisoning and zero-day exploits rounding out the top five.

The impacts of a DNS attack are four-fold: internal app downtime, external app downtime, brand damage and loss of revenue.

EfficientIP noted that telcos were prime targets for hackers given their reliance on IP-based networks and the huge amount of valuable data they hold.

However, it said they had applied on average just four of the 11 critical patches recommended by the Internet Systems Consortium (ISC) in 2016.

Speaking to European Communications, Hervé Dhelin, SVP Strategy at EfficientIP, described the lack of patching as “the most annoying” result that the survey had thrown up.

He said: “[Telcos] will have hundreds of DNS servers, with load balancers and firewalls in front.

“Each time they need to do maintenance, they need to update a lot of servers.

“It takes time and unfortunately they’re using one tech.”

Dhelin noted that a reliance on one type of infrastructure, such as the cloud, meant it was “open bar for a hacker” once a vulnerability was published.

“What we’re telling customers is don’t just use one tech – it’s a single point of failure,” he said.

According to Dhelin, the problems are mainly cultural.

In particular, he pointed the finger at outmoded thinking around firewalls being sufficient to protect DNS servers.

“This doesn’t work!” Dhelin said.

“A firewall is an external software trying to understand what is happening inside a DNS server – but there are several services inside and until you know which one is under attack you don’t know what to do.”

Looking ahead, Dhelin said the arrival next year of GDPR would “change the game” given businesses have 72 hours to report attacks that have happened.

“We will discover that more and more companies suffer data breaches,” he predicted.
