The National Security Agency and Cybersecurity and Infrastructure Security Agency recently issued guidance on protective Domain Name System (DNS), a clear sign that edge-layer protection and DNS security are becoming a high priority for modern businesses.
Jennifer Ayers, chief operating officer of DNSFilter, has over 20 years of cybersecurity experience. We asked her what these guidelines mean for businesses and how they can protect their digital assets.
Jennifer Ayers
Chief Operating Officer, DNSFilter
What are some of the reasons behind the increasing number of sophisticated cyberattacks across all industries? Why is ransomware such a huge threat right now?
Sophisticated attacks have been increasing year over year. This has been reported many times, and the “why” hasn’t ever changed — but reporting through media channels has certainly made the attacks more visible to a wide audience. For cybercrime attacks, the No. 1 motivator is money. More companies are choosing to pay ransoms, so cybercrime has become more profitable than ever before. We are now regularly seeing hackers demanding ransoms for millions of dollars. It has been a repeatedly successful enterprise for these criminal actors.
Additionally, the rise of cryptocurrency provides hackers an additional layer of anonymity when they collect ransoms, since they are accepting payment in blockchain and cannot be tracked. This has been a dream for creators of ransomware — an easy way to collect payment and disappear into the night.
Because of the new ubiquity of cryptocurrency, the fact that the majority of cybercrime is cross-border, and because it’s difficult to actually identify bad actors’ true identities, the harsh reality is that cybercriminals are rarely prosecuted. Just like with “real-life” crime, the likelihood of getting caught is the largest deterrent to committing the act. If someone could rob a bank every day and never get caught, would there be more or fewer bank robberies?
Lastly, the marked increase in cyberattacks between 2019 and 2020 was, in my opinion, driven by the shift to a remote work environment. This rapidly transformed how businesses were managing their network security, firewalls, etc., and so it created new entry points into previously closed environments for hackers to exploit.
From your experience, what would you say is the most common reason businesses fall victim to cybersecurity attacks?
Human error and lack of layered security systems. All too often, it’s a failure to have the basics — or a failure to follow basic procedure. So that means they’re either not implementing the cybersecurity protections they should be, or they don’t take their own cybersecurity policies seriously. In a recent study done by the Global Cyber Alliance, 33 percent of data breaches could have been stopped with a simple approach like DNS security alone. That tells me organizations aren’t blocking their users from clicking on harmful websites, which is a quick place to start since malware and phishing attacks are spread through website domains.
Human error can be corrected with training, but it needs to be continuous. Text-based phishing is on the rise, but few companies train on how to spot it. Cryptojacking is on the rise, but few companies are monitoring their systems for potential signs of it. The hacker community moves quickly, so your internal security teams need to as well, and then disseminate that information across your organization.
What are the best practices and tools that business leaders and security teams can implement to make sure they are protected from the increasing number of sophisticated attacks?
Make sure your foundation is solid and that it can easily transition from in-the-office to remote, if you’re not 100 percent remote already. The foundational items I’m talking about are security solutions like DNS security, anti-virus, MFA/2FA, firewalls, and password managers. But it also comes down to situational awareness: Patch everything, rely on user-based access and have privilege escalation in place, and go into everything with a Zero Trust mindset.
Creating a culture of cybersecurity awareness is really important. It’s not just about having the tools in place, it’s also about explaining why this is even important for your organization — many legacy industries only dedicate a tiny portion of their IT budget to cybersecurity, which is no longer tenable in these times. It’s also necessary to empower the people in your organization to take action when they see something suspicious. Breaches can be caught a lot sooner or avoided entirely when employees buy into the cybersecurity culture. But they need to be in on that conversation.
How pervasive are DNS-based threats?
I mentioned it earlier, but it has been reported that over one-third of data breaches can be stopped with DNS security. And that’s only looking at the successful data breaches, not just the attempts. On our network alone, we block over 1 million deceptive sites every single day in a range of categories that include phishing, malware, ransomware, and botnet domains.
One of the biggest indicators of a malicious domain is that a site is brand new. There are roughly 18,000 new phishing domains registered daily. Because DNSFilter scans a site in real-time to determine what category a site falls into, we catch threats earlier than other threat feed providers — nearly six days before them. And 47 percent of all the threats we catch, our competitors simply don’t. Part of the reason is that there are so many malicious domains out there. Not every service can keep up with the onslaught that is new DNS-based attacks.
DNS is simultaneously an easy layer to leverage in an attack, since all someone needs to do is set up a new domain and house their malware or phishing scheme there, but it’s also a powerful layer to protect, since the number of threats that rely on DNS to be distributed is so high.
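As an added illustration of the protective DNS policy described above (example code, not DNSFilter’s own), here is a small Python evaluator that runs resolver query log lines through three checks: block domains in a known-bad category, block domains registered within the last seven days, and send domains with no data to review. The category feed, registration dates and log lines are all constructed for the example.

```python
from datetime import date, datetime

# Everything below is constructed sample data, not a real feed or WHOIS record.
CATEGORY_FEED = {                      # domain -> threat category
    "phish-login-portal.example": "phishing",
    "cdn-updates.example": "malware",
    "c2-beacon.example": "botnet",
}
CREATION_DATES = {                     # domain -> registration date
    "phish-login-portal.example": date(2021, 5, 30),
    "brand-new-shop.example": date(2021, 6, 1),
    "long-lived-news.example": date(2005, 4, 2),
    "cdn-updates.example": date(2019, 3, 4),
}
BLOCK_CATEGORIES = {"phishing", "malware", "ransomware", "botnet"}
NEW_DOMAIN_DAYS = 7                    # anything younger than this is treated as suspect

SAMPLE_LOG = [                         # constructed resolver query log: ts client qtype qname
    "2021-06-03T10:15:00 10.0.0.5 A login.phish-login-portal.example",
    "2021-06-03T10:15:04 10.0.0.5 A www.brand-new-shop.example",
    "2021-06-03T10:16:10 10.0.0.9 AAAA www.long-lived-news.example",
    "2021-06-03T10:17:22 10.0.0.7 A cdn-updates.example",
    "2021-06-03T10:18:03 10.0.0.7 A unlisted.example",
]

def registrable_domain(qname):
    """Collapse a query name to its last two labels (no public-suffix list here)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def classify(qname, today):
    """Apply the policy: known-bad category first, then domain age, then unknowns."""
    dom = registrable_domain(qname)
    cat = CATEGORY_FEED.get(dom)
    if cat in BLOCK_CATEGORIES:
        return "block", "category:" + cat
    created = CREATION_DATES.get(dom)
    if created is None:
        return "review", "no-data"     # never seen before: alert or sinkhole per site policy
    age = (today - created).days
    if age < NEW_DOMAIN_DAYS:
        return "block", "newly-registered:%dd" % age
    return "allow", "age:%dd" % age

def triage(log_lines):
    """Run each query log line through classify(); 'today' is taken from its timestamp."""
    results = []
    for line in log_lines:
        ts, client, _qtype, qname = line.split()
        verdict, reason = classify(qname, datetime.fromisoformat(ts).date())
        results.append((client, qname, verdict, reason))
    return results
```

In a real deployment the category and registration-date lookups would come from a threat feed and registration data rather than in-memory dictionaries, and the "review" verdict is where a newly seen domain gets scanned before it is allowed.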
If a company falls victim to a cyberattack, what are the critical first actions to take?
Preparation for these types of attacks is really the first thing to do. Cyberattacks are well known by now and should be considered part of a company’s crisis management scenario: things such as disaster recovery, testing the plan (tabletop exercises), critical system backups, etc.
But in the absence of a plan, the first thing to do is ascertain as best you can the type of attack. Different types of attacks require different responses. With rapidly spreading ransomware, for example, you would definitely want to contain infected machines as quickly as possible. This could be using installed security software, closing off internet access, or even shutting down machines.