sb-au logo
Story image

Telcos plagued by DNS attacks, but budgets should focus elsewhere

14 Jan 2021

This year may well bring a rise in security budgets for telecommunications firms as they invest in more robust security to protect themselves against threats, including DNS service attacks that cause headaches for those in the industry.

A recent Annual Industry Survey found that DNS services suffered the most attacks in 2020, with 16% of respondents reporting DNS service attacks on their organisation. Network infrastructure attacks, particularly on bandwidth and network protocols also topped the list (15%), followed by on-premise application and infrastructure attacks (11%).

 47% of respondents said they were focusing on defending against volumetric DNS DDoS attacks, followed by protecting against advanced DNS attacks, such as DNS random subdomain attacks, DNS protocol attacks, and DNS protocol abuse.

However, DNS services are not the most difficult to protect against attacks - instead, cloud infrastructure and cloud-based apps are the biggest security headache, according to 24% of respondents. DNS service protection was listed fourth, while network infrastructure elements and on-premise applications and infrastructure were more of a hassle.

“What is most attacked, or hardest to defend, is not always the same. That means smarter decisions need to be made how to spend security budgets,” comments F5 senior director of solutions engineering, Bart Salaets.

In order to protect themselves against these threats, 76% of respondents noted that they would maintain or increase security spending in the year ahead. 

This spending will be focused on a few key areas: Network layer security, user control and access protection, and application security.

“As digital transformation deepens, telecoms businesses, in particular telecoms operators, are becoming more like IT companies. Therefore, their security strategies should broaden from defending the network infrastructure to the whole system, covering both on-premises assets and those in the cloud,” explains Salaets.

When respondents migrated to cloud, telecommunications firms often look to security services offered by public cloud providers (27%) of respondents, while 25% use managed cloud-based security services. Further, some (29%) don’t plan to migrate to the cloud at all.

“The reasons that the telecoms industry has found cloud infrastructure and cloud applications particularly hard to defend might come down to the fact that cloudification is new for most telecoms companies, and that cloud adoption forces them to think beyond traditional security perimeter models,” says Salaets.

The survey also asked respondents what areas could need additional application-level protection. More than half of respondents named OSS/BSS systems as needing this type of protection. 

Story image
IronNet expands Asia Pacific presence with new strategic partnership
“The combination of M.Tech’s extensive network in Asia Pacific and our unparalleled expertise in threat intelligence and detection will help more enterprises across the region to proactively identify and take down known and unknown threats before they happen.”More
Story image
Malware vendors look to marketing to spread Android RAT
What happens when an Android malware vendor teams up with a marketer? It turns out the answer is quite a lot.More
Story image
Top security threats for 2021
2021 will see several themes develop into full blown security threats, many of them borne from the struggles of pandemic-stricken 2020, writes Wontok head of technology Mick Esber.More
Story image
Sophos Rapid Response puts out the ransomware fire
“Attackers are using a range of techniques and whichever defence has a weakness is how they get in. When one technique fails they move on to the next, until they find a weak spot."More
Story image
Malware variants becoming increasingly prevalent, sophisticated and evolved
"The modern threat landscape and ongoing evolution of malware are loud factors pushing every business to understand and identify modern malware threats and the necessary precautions to take to protect against them."More
Story image
As digital transformation grows in A/NZ companies, misconceptions about their role in cloud security abound
While an 81% majority of A/NZ organisations are accelerating their digital transformation, a giant 99% of surveyed respondents say they believe their cloud security provider provides enough protection, according to a Trend Micro study. More