Measuring the Effectiveness of Digital Hygiene using Historical DNS Data

TL;DR

This study evaluates a digital safety intervention's effectiveness in Central Asian CSOs by analyzing DNS traffic data to determine if it improves security posture against malware attacks.

Contribution

It introduces an experimental design using DNS data analysis to assess digital hygiene interventions in high-risk organizations.

Findings

Early DNS data shows potential for measuring intervention impact

Comparison between treatment and control groups underway

Methodology supports future digital hygiene effectiveness assessments

Abstract

This paper describes an ongoing experiment evaluating the efficacy of a digital safety intervention in six high-risk, low capacity Civil Society Organisations (CSOs) in Central Asia. The evaluation takes the form of statistical analysis of DNS traffic in each organisation, obtained via security tools installed by researchers. The hypothesis is that the digital safety intervention strengthens the overall digital security posture of the CSOs, as measured by number of malware attacks intercepted by a cloud-based DNS firewall installed on the CSOs networks. The research collects DNS traffic from CSOs that are participating in the digital safety intervention, and compares a treatment group consisting of four CSOs against DNS traffic from a second group of two CSOs in which the intervention has not yet taken place. This project is ongoing, with data collection underway at a number of Central Asian CSOs. In this paper we outline the experimental design of the project, and look at the early data coming out of the DNS firewall. This is done to support the ultimate question of whether DNS data such as this can be used to accurately assess the efficacy of digital hygiene efforts.