Photo: Justin Sullivan/Getty Images
According to a new report by the nonprofit Global Cyber Alliance (GCA), up to one-third of hacking between 2012 and 2017 could have been detected if businesses had used a more secure version of DNS — a service that operates behind the scenes to allow web browsers to work.
Catch up quick: A domain name service (DNS) operates like an internet phonebook, converting domain names entered by users into internet addresses read by machines.
Details: Jay Jacobs, who headed the report, worked with the researchers behind the Verizon DBIR, a thorough compendium of breach statistics, to determine that 3,668 of the more than 11,000 data breaches on file used vectors that frequently involve the use of DNS.
- That could mean things like malicious ads loaded from other websites, fraudulent websites or malware communicating with a host through a website.
- Given previous research evaluating the cost of breaches cited in the GCA study, the report estimates that a DNS that could perfectly block sites known to be malicious could have been used to detect as much as $19 to $37 billion of malicious cyber damage in the U.S. in 2016 or $150-$200 globally in 2018.
Between the lines: DNS is not traditionally used as a security tool. "It’s not a sexy control," Jacobs told Axios.
- Most people don't know what DNS service they use. By default, most people use ones that don't filter malicious sites.
- But free DNS services with filters do exist, including Quad9, a service founded by GCA itself. Switching to one of the services is a relatively simple fix: just a settings change.
- While they aren't perfect at detection, they are infinitely better than no detection. And as the DNS filters get better, so will detection rates.
- "Moving forward, we'll hopefully see a lot of advancement in that space," said Jacobs.