In this two-blog series, I take a mostly non-technical look at the technology at the heart and soul of the Internet - the modest DNS or Domain Name Service - and examine why, instead of only focussing on the "coolest of toys" in cybersecurity, investing in DNS may offer far better value.
In this blog, I explain the humble and ever-pervasive DNS and start to expand on the value proposition to the business of implementing DNS (correctly, I must stress).
Who should read this?
It's a fact that cyber-attacks are only going to increase in both frequency and their negative impact on business. Consequently, it's a fallacy to label cyber threats and cybersecurity issues as technical nuisances. While there are examples galore of this, let's quickly examine two:
- Equifax’s former Chair and CEO, Richard Smith, knows all too well the consequences of not prioritising cyber risk. He was dragged in front of the US Digital Commerce and Consumer Protection Subcommittee on Capitol Hill to explain how cyber criminals managed to steal over 147 million records of personal information.
- Closer to the UK and Europe is the now-infamous TalkTalk hack, characterised by the car-crash series of interviews given by their then-CEO, Dido Harding. Dido inadvertently manufactured one of the most case-study-friendly pieces of fodder, for business colleges and cyber practitioners, on “How NOT to Respond to a Data Breach”.
Consequently, it should come as no surprise that senior executives and board members everywhere are starting to demand visibility of cyber risks on their conventionally cyber-void risk dashboards. No business wants to become the next to fall from grace.
Why? If not for straightforward negligence, the basics are often ignored in favour of more glamorous and futuristic technologies and systems. When technology is not the key focus, organisations end up spending effort and time on chasing and obtaining industry certifications like ISO 27001:2013 and others.
For example: Ukraine's electricity grid was attacked when winter's wrath was at its peak, in December. It is still considered one of the most advanced and complex attacks, as it caused actual physical damage. The damage to the hardware was irreversible! I urge you to read that again. The damage to the physical hardware was irreversible.
For cyber criminals to succeed in this attack, the following had to happen:
Warning! Don't be fooled by the words "basic" and "fundamentals" - neither of these words implies that getting the basics right is easy. There would be a significant reduction in cyber controls if fundamental security controls were easy to implement. We cover this topic and much more in our "Blueprint for Cyber Resilience" workshop here.
When discussing basic technology controls, most readers would probably think of the universally-used terms, Anti-Virus and Firewalls.
DNS is a crucial technology that glues together the whole of cyberspace. Every other technology out there, including but not limited to smart phones, tablets, smart watches, smart cars, webcams, smart TVs and more, wholly relies on DNS to function.
Google's Human Friendly Address | Google's Real Address (IP Address)
Google.com |
However, our relentless search for new or “sexier” technologies and tools has meant that DNS has been left alone, toiling in the basement, forever only fulfilling its conceptual capability, that of translating a domain name, such as Google.com, to an incomprehensible number or IP address.
Criminals Rely on DNS too!
A well-configured DNS serves as an early and reliable indicator of malicious activity from inside or outside of your organisation. Furthermore, it can be used to stop this activity at an early stage.
Given that almost everything and everyone, including criminals, rely on its capabilities to translate a domain name to a complicated number, DNS provides deep visibility into known and unknown activities within an organisation.
Cyber criminals use DNS too. How? They use DNS:
Put another way, if criminals rely on DNS to succeed, the converse must be true too. DNS is an effective and robust first-line-of-defence tool and should be used to detect and protect against various types of cyber attacks.
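To make the "known and unknown activities" point concrete, here is an added example (not code from this blog or from any product it mentions) that triages resolver query logs per client. The log format, the blocklist feed and the baseline of normally seen domains are all assumptions made up for illustration.

```python
from collections import defaultdict

# Constructed sample data: one query per line, "timestamp client_ip qname qtype".
SAMPLE_LOG = """\
2024-01-01T09:00:01Z 10.0.0.12 www.google.com A
2024-01-01T09:00:02Z 10.0.0.12 cm-alliance.com A
2024-01-01T09:00:05Z 10.0.0.47 login.bad-domain.example A
2024-01-01T09:00:09Z 10.0.0.47 updates.unseen-host.example A
2024-01-01T09:00:11Z 10.0.0.12 mail.google.com A
malformed line
"""
BLOCKLIST = {"bad-domain.example"}            # hypothetical threat-intelligence feed
BASELINE = {"google.com", "cm-alliance.com"}  # hypothetical "normal" domains


def matches(qname, domains):
    """True if qname equals, or is a subdomain of, any entry in domains."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def triage(log_text, blocklist, baseline):
    """Group suspicious lookups by the client that made them.

    'blocked' = known-bad (on the blocklist); a resolver could refuse these.
    'unseen'  = unknown (outside the baseline); worth a closer look.
    """
    findings = defaultdict(lambda: {"blocked": [], "unseen": []})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:          # skip lines that do not fit the format
            continue
        _ts, client, qname, _qtype = parts
        if matches(qname, blocklist):
            findings[client]["blocked"].append(qname)
        elif not matches(qname, baseline):
            findings[client]["unseen"].append(qname)
    return dict(findings)


if __name__ == "__main__":
    for client, hits in triage(SAMPLE_LOG, BLOCKLIST, BASELINE).items():
        print(client, hits)
```

Only the client that looked up something outside normal behaviour appears in the result, which is the early-indicator role described above.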
On March 23, 2018, I (Amar Singh, CEO of Cyber Management Alliance Ltd) was joined by Nominet’s Adam Gladsden and Cyber Management Alliance’s own ethical hacker on a Webinar titled, “First – Fix the Plumbing - What’s broken in cyberspace and How to Fix it”.
We discussed in more detail the importance of DNS to a business and how easy it was for malicious hackers to hack DNS. Click here to watch the webinar.
If it works, why fix it?
That is one of the inherent problems with DNS. It just works. When you type in cm-alliance.com or google.com, you don't have to know the real IP address. DNS just does all the hard work for you.
However, there is more, much more that a well-configured DNS can do, including:
Though many do not understand and appreciate its significance, when it comes to cybersecurity and cyber resilience we must give the humble DNS its deserved importance in building a cyber-resilient business. Technical or not, senior executives in charge of managing cyber risk must discuss DNS with their internal technical teams or third parties.
Remember, I am writing a follow-up blog on DNS. Bookmark this page now.
Start Your Response Planning Now!
In addition, if you are running a business, of any size, consider getting all the middle to senior management trained on how to plan and prepare for a cyber-attack. All layers of management must have basic security awareness and the knowledge required to make their organisations more cyber-resilient.
To begin planning your incident response, you can download our Cyber Incident Planning & Response mind-map here. We also created an Action Checklist to help you on your journey. You can download the checklist here.