When IDC published its Global DNS Threat Report in August 2023, the cybersecurity community took note of its stark findings: DNS had become one of the most exploited yet underdefended layers of the modern digital ecosystem.
Now, in Q4 2025, just over two years later, the report’s insights have not lost their urgency – if anything, they are even more relevant. Despite major advances in cybersecurity technologies and the widespread adoption of zero trust frameworks , the DNS layer remains a critical battleground.
We are revisiting this report because it continues to underscore what our experience has proven time and again: DNS security is not just a “nice-to-have” safeguard – it is a must-have foundation for protecting critical IT infrastructure (read more quotes and insights from experts and institutions in Experts Say DNS Security Should Not Be Ignored).
In the 2023 IDC report, 90% of organizations reported experiencing at least one DNS attack, averaging 7.5 incidents per year, with the average cost reaching $1.1 million. Fast forward to today, and while the numbers have shifted slightly, the situation remains that DNS is still being relentlessly targeted, and too few organizations are treating it as the essential control point that it truly is.
DNS-based malware, phishing, and ransomware remain dominant, with newer threats such as AI-generated domains and hybrid cloud exploitation expanding the attack surface. Multi-extortion ransomware tactics, which IDC highlighted in 2023, have now become mainstream (read Why DNS Security Belongs at the Core of Your Hybrid Cloud Strategy).
Two years after IDC’s warning, the evidence is overwhelming: DNS security is no longer an optional extra in cybersecurity strategy. It is the connective tissue between users, devices, applications, and cloud services, i.e. a central control point that both attackers and defenders rely on.
As former NSA Director Anne Neuberger noted, “Our analysis highlighted that using secure DNS would reduce the ability for 92% of malware attacks both from command and control perspective, deploying malware on a given network.”
That number alone should end any debate about whether DNS security is optional.
At Whalebone, we’ve seen first-hand how DNS observability and protection form the backbone of an organization’s security posture. Every request to the internet passes through DNS. If left unmonitored or unprotected, that pathway becomes an open door for phishing, command-and-control (C2 or C&C) activity, and data exfiltration. When secured, however, it becomes a proactive intelligence layer – one that can stop most threats before they even reach an endpoint or firewall (see Firewalls vs. DNS Security? Why You Need Protective DNS (PDNS) to Close the Gaps).
Early industry analyses of IDC’s 2023 DNS Threat Report emphasized the importance of security evolving from reactive to proactive, intelligence-driven defense and the integration of DNS threat intelligence across the security ecosystem. That principle remains at the core of Whalebone’s philosophy.
By leveraging AI and machine learning, Whalebone's PDNS provides real-time threat detection and prevention, allowing organizations to stay a step ahead of attackers. Our solutions continuously analyze DNS traffic, identifying and blocking malicious activity before it can infiltrate the network – which aligns perfectly with IDC’s recommendation for “consolidating DNS threat intelligence and observability across the security ecosystem.”
The result is not just faster detection, but prevention, achieved at the earliest possible stage of an attack.
IDC’s 2023 research revealed a startling number: 79% of organizations were not using DNS data as a source of threat intelligence. Two years later, this gap has narrowed, but not nearly enough. Many organizations still fail to tap into DNS data’s immense potential to enhance visibility, identify anomalies, and strengthen incident response.
DNS data is a goldmine of information, offering valuable insights into network behavior and potential threats. By analyzing DNS queries, organizations can identify unusual patterns that may indicate malicious activity, such as domain generation algorithms (DGAs) used by botnets or phishing sites.
At Whalebone, we help organizations turn DNS data into a living defense mechanism, and we believe in leveraging the full potential of DNS data to provide actionable intelligence.
Our solutions are designed to not only detect and block threats but also to provide detailed analytics that help security teams understand the nature of the threats they face. Our systems learn continuously, identifying subtle changes in query behavior, tracking the emergence of suspicious domains, and predicting potential threats. With these insights, security teams can respond faster, prioritize more effectively, and prevent attacks before they escalate.
This level of insight is crucial for refining security policies and improving overall resilience against cyberattacks.
The 2023 IDC report showed how every industry was affected by DNS-related attacks:
Two years later, the patterns are largely unchanged, demonstrating that the structural vulnerabilities that IDC highlighted remain unresolved in many organizations.
Whalebone continues to address these challenges with industry-tailored DNS protection, helping to ensure uptime, compliance, and resilience for critical infrastructure (learn more in PDNS: Simplifying and Aiding Regulatory Compliance for Critical Infrastructure). Whether it’s protecting patient data, securing cloud-native retail operations, or maintaining service continuity for public utilities, our solutions adapt to each industry’s risk profile.
Back in 2023, IDC was emphasizing the role of AI and machine learning in the evolution of DNS security. Since then, the technology has matured significantly – and so have attacks. For example, generative AI is now being used to create sophisticated domain spoofing and deepfake-based phishing campaigns.
Whalebone’s AI-driven DNS protection has evolved in tandem. Our systems not only block known bad domains, they learn from regional threat intelligence and behavioral analytics to predict malicious intent. This means we can detect previously unseen attack patterns before traditional signature-based systems even recognize them.
IDC’s call for integrating DNS into zero trust and Secure Access Service Edge (SASE) frameworks is more relevant in 2025 than ever before (see Beyond Buzzwords: Understanding DNS Security in a Zero-Trust Context). Organizations are now operating in hybrid, borderless environments where visibility and control are increasingly difficult. DNS offers a unified vantage point and a consistent policy enforcement layer that spans users, devices, and clouds – without the need for installation on end points.
Whalebone’s DNS protection integrates seamlessly into these modern architectures, enhancing resilience while simplifying management. Without resilient and secure DNS, even the most advanced security framework has a weak foundation.
Looking back, IDC’s 2023 DNS Threat Report reads less like a time-bound study and more like a prescient blueprint. The report’s insights remain relevant because the fundamental nature of the problem has not changed – DNS continues to be both the backbone and the blind spot of the internet.
As cyberattacks become more automated, more adaptive, and more evasive, DNS security remains one of the few layers capable of providing early, universal protection across all digital touchpoints. The conclusion remains as true now as it was then: DNS security is not optional, but essential.
At Whalebone, we’re proud to have spent far more than just the past two years advancing our proactive intelligence, machine learning–driven protection, and seamless integration with modern security architectures – capabilities that the IDC report recommended.
If you are responsible for the resilience and security of critical IT infrastructure, the reality for 2026 is this: threats are evolving, environments are more complex, and tooling lags in many areas. DNS security is critical for secure operations in hybrid and cloud-native environments.
Whalebone Immunity is designed to deliver that visibility, control, and early warning at the DNS level – not as an afterthought, but as a proactive, front-line protection layer. If you build your security strategy with that mindset, you’re significantly more resilient against the kinds of breaches that continue to impose multi-million-dollar damage on organizations every year.
If you’re ready to enhance your organization’s DNS security, Whalebone is here to help. Reach out to our team to learn how our proven solutions can close security gaps in your network, to safeguard your data and customers – with a simple and unobtrusive approach.