Organisations must be aware of many threats in today’s cyber security landscape, but are they paying enough attention to DNS security? A recent TEISS Breakfast Briefing debated the issue.
As cyber-threats grow in sophistication and scale, organisations face mounting pressure to adopt proactive and coordinated defences. One critical, but often overlooked, issue is DNS security. For example, ‘lookalike domains’ - domain names that resemble official ones at first glance - are used in two-thirds of phishing campaigns.
Gary Cox, Senior Manager at Infoblox, introducing a TEISS Breakfast Briefing at the Goring Hotel in London, emphasised the opportunity. He told attendees, senior security experts from a range of sectors, that “bringing a deep knowledge of the DNS protocol into security allows you to get ahead of what threat actors are doing.”
A challenging landscape
The conversation began with a discussion of the challenges of securing an organisation in today’s rapidly evolving threat landscape. While organisations aspire to stay ahead of threat actors, many participants acknowledged that adversaries often remain one step ahead. The intelligence gap - where threats are identified too late - was a recurring concern.
Meaningful risk assessment, attendees agreed, demands a clear understanding of the threats being blocked and the vulnerabilities being targeted. Some attendees said that securing the perimeter was now such a challenge that it might be better to put resources elsewhere instead. Focusing inward - on protecting internal systems and critical data - might offer greater returns.
Wherever resources are allocated, a perennial challenge is getting the board to understand the importance of a comprehensive security plan. Attendees agreed that board members are now more likely to have some understanding of security but said that it is still important to talk to them in business-friendly language, rather than technical jargon.
“Fear is of limited value as a motivator,” noted one participant. Once initial urgency fades, leaders need a compelling rationale to sustain investment.
The DNS threat
Moving on to the topic of DNS security, attendees agreed that it can be a challenge to deal with the scale of the problem. Lookalike domains, which exploit human error and mimic legitimate websites, are a favourite tool of criminal gangs and nation states. Attendees debated the need for stronger monitoring of supplier and partner domains, given that attacks often exploit these external vulnerabilities.
“Newer brands may rely entirely on apps, bypassing traditional websites,” one delegate observed, “but this doesn’t eliminate all threats.” The consensus was clear: DNS threats demand vigilance across the entire ecosystem, including supply chains and critical partners.
When it comes to solutions, attendees highlighted opportunities and challenges. Craig Sanderson, VP of Government and Compliance Solutions at Infoblox, discussed the company’s collaboration with a national government to establish a service that blocks malicious domains at the ISP level. Such measures could prevent consumers from even accessing dangerous sites.
However, concerns were raised about the unintended consequences of overzealous blocking, which can cripple businesses if legitimate domains are mistakenly flagged. Furthermore, a government-level intervention could complicate existing regulatory structures.
The double-edged sword of regulation
Though many attendees were cautiously positive about regulation, some felt that it could be overly punitive, targeting the victim of an attack rather than the perpetrators. “For banks, it can feel like the regulator is set up against them,” one participant remarked, arguing for a more balanced approach that considers customer accountability.
Government standards and accreditations were seen as double-edged swords. While they drive improvements, they also impose additional compliance burdens, particularly for industries like finance.
Nevertheless, attendees were keen on the idea of greater standardisation. A single DNS security blueprint, for example, would allow organisations to pursue the same standard for best practice.
The discussion also touched on the potential for centralisation in cyber security. It used to be the norm for every business to have a safe in the office, said one attendee, but centralised banking removed that need. Perhaps ‘centralised compute’ could one day replace the need for organisations to have individual security infrastructures.
The journey to progress
As one participant observed, criminals are highly organised, and businesses would benefit from trying to be more collaborative in response. Building stronger, more collaborative networks could enable businesses to respond more effectively to the evolving threat landscape.
Closing the briefing, Craig Sanderson reflected on how far the industry has come in the last decade. “Ten to fifteen years ago, many of the tools we take for granted today were considered impossible,” he noted. While the path to robust cyber security is long, the mindset is clearly shifting.
The takeaway was clear: proactive defences, greater collaboration, and a commitment to evolving standards will be essential in combatting cyber-threats at scale. For organisations navigating this challenging terrain, DNS may just hold the key to getting one step ahead.
To learn more, please visit: www.infoblox.com