Computer Crime Research Center


Going Back to Basics to Fix Our Broken Approach to Cybersecurity

Date: January 05, 2022
Source: Computer Crime Research Center

Cybersecurity has garnered plenty of mainstream attention lately but for all the wrong reasons. The past year has been marked by a seemingly unending stream of major companies and organizations coming forward to admit they were the victim of a data breach or malware attack. When cybersecurity measures are working well, the end users are never even aware of them. So when ransomware suddenly becomes a household term, you know something is seriously broken with our approach to cybersecurity.

The extent of the problem is borne out in the statistics. The total number of companies that suffered data breaches in 2020 was 1,108, a high that was already exceeded by the end of September, when the total rose to 1,529 (a 17-percent increase) and the year isn’t even over! Supply chain attacks are also on the rise, but are often a woefully overlooked attack vector in an organization’s security stack. A recent survey revealed that 83 percent of organizations suffered an operational technology breach during the previous three years.

The uptick in major breaches and ransomware incidents has already affected spending priorities, prompting 91 percent of organizations to increase their security budget in 2021. While this is a positive development overall, it underscores the futility of simply throwing more money at a broken system. If a fundamental change isn’t made to their existing security stack, these companies will continue to fall victim to the same threats they always have. It is a cat-and-mouse game that they will always lose.

So that’s the bad news. The good news is that by refocusing part of our cybersecurity effort on a fundamental feature of internet architecture, we can start protecting ourselves in a proactive manner. Organizations often view cybersecurity as a wall around their organization’s network, keeping all of the nasty bits of the internet at bay while their critical data stays safely protected within. Unfortunately, in the modern landscape, a determined threat actor will eventually find a way to bypass their target’s defenses, whether by taking advantage of an unpatched exploit, successfully carrying out a phishing scam, or exploiting a compromised device on the network (an avenue that is gaining momentum as more devices join the Internet of Things). Cyber criminals are now organized to an unprecedented degree, allowing them to launch coordinated attacks tailored to their target.

To properly address the new breed of cyber threats, we must approach network protection from a more foundational level. Protective DNS (PDNS) solutions use the Domain Name System to alert on and/or block communication with domains associated with bad actors. At some point during every attack, whether the threat is external or coming from within your own network, the malware, ransomware, or other intrusion needs to communicate with an external domain for instructions and attack progression, often referred to as “command and control.” Those communications rely on DNS to resolve the external domain names to addresses, so the resolver sees the request before any connection is made. That’s what makes protection at the DNS level so versatile and effective.

There is a plethora of PDNS solutions available on the market, but not all are created equal. The most basic PDNS offerings rely on block-and-allow lists compiled from publicly available security sources. Essentially, malware is distributed, someone gets hit, and then everyone else races to block the domains involved. These legacy and basic solutions revolve around a “hope-and-pray” strategy that the organization isn’t one of the unlucky ones impacted by an attack before a block-list is updated.
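The two paragraphs above describe what a list-based Protective DNS resolver does with each query: match the requested name (and its parent domains) against a block-list, let an allow-list override it, and either resolve normally, answer with a sinkhole address, or only raise an alert. The following Python is an added example written for this page, not code from the article or from any PDNS vendor; the domain names, the sinkhole address (a TEST-NET-1 address) and the resolver log lines are constructed placeholders. The last log line shows the gap the article calls “hope-and-pray”: a domain not yet on the feed simply passes.

```python
# Added example (not from the article): a minimal list-based Protective DNS
# policy check. Names, addresses and log lines below are constructed.

from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Constructed block-list, in the style of a feed of known command-and-control
# domains, and an allow-list that overrides it for a business-critical name.
BLOCK_LIST = {"c2-example.invalid", "bad-updates.test"}
ALLOW_LIST = {"mail.bad-updates.test"}
SINKHOLE_IP = "192.0.2.1"  # TEST-NET-1 address returned instead of the real one


@dataclass(frozen=True)
class Verdict:
    qname: str
    action: str            # "allow", "block" or "alert"
    matched: Optional[str]  # the list entry that matched, if any


def normalize(qname: str) -> str:
    """Lower-case and strip the trailing dot so 'C2-Example.INVALID.' matches."""
    return qname.strip().lower().rstrip(".")


def candidate_labels(name: str) -> Iterable[str]:
    """Yield the name and each parent domain: a.b.c -> a.b.c, b.c, c."""
    parts = name.split(".")
    for i in range(len(parts)):
        yield ".".join(parts[i:])


def evaluate(qname: str, mode: str = "block") -> Verdict:
    """Decide what to do with one query. mode is 'block' or 'alert'."""
    name = normalize(qname)
    # Allow-list is checked first so it always wins over the block-list.
    for label in candidate_labels(name):
        if label in ALLOW_LIST:
            return Verdict(name, "allow", label)
    for label in candidate_labels(name):
        if label in BLOCK_LIST:
            return Verdict(name, "block" if mode == "block" else "alert", label)
    # Not on any list: this is where a not-yet-published C2 domain slips through.
    return Verdict(name, "allow", None)


def answer(qname: str, mode: str = "block") -> Tuple[Verdict, str]:
    """Pair the verdict with what the resolver hands back to the client."""
    verdict = evaluate(qname, mode)
    if verdict.action == "block":
        return verdict, SINKHOLE_IP       # client is steered to the sinkhole
    return verdict, "forward-to-upstream"  # normal recursive resolution


# Constructed resolver log lines: "<timestamp> <client-ip> <qname> <qtype>"
SAMPLE_LOG = """\
2022-01-05T10:00:01Z 10.0.0.5 www.example.com A
2022-01-05T10:00:02Z 10.0.0.5 beacon.c2-example.invalid. A
2022-01-05T10:00:03Z 10.0.0.9 mail.bad-updates.test A
2022-01-05T10:00:04Z 10.0.0.9 cdn.bad-updates.test AAAA
2022-01-05T10:00:05Z 10.0.0.7 fresh-unknown.invalid A
"""


def process_log(log: str, mode: str = "block") -> List[Verdict]:
    """Run every query in a resolver log through the policy."""
    verdicts = []
    for line in log.splitlines():
        if not line.strip():
            continue
        _ts, _client, qname, _qtype = line.split()
        verdicts.append(evaluate(qname, mode))
    return verdicts


if __name__ == "__main__":
    for v in process_log(SAMPLE_LOG):
        print(f"{v.action:5} {v.qname}  (matched: {v.matched})")
```

Running the block in `alert` mode turns every block into an alert only, which is the “monitor first” rollout most teams use before enforcing; the parent-domain matching in `candidate_labels` is what catches a freshly minted subdomain of a known bad domain, while the unlisted `fresh-unknown.invalid` query is allowed through exactly as the article’s critique of list-only PDNS predicts.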


Copyright © 2001-2013 Computer Crime Research Center