CISO Strategic Insight
DNS manipulation is a classic attack vector that Zero Trust was designed to eliminate. The 2026 Zero Trust Hub details how to verify every request and prevent lateral movement across your network.
Force your End Users to use “your site”OK OK, this is not real hacking but it’s fun 🙂 As well as there are some attack types, where the browser is been hijacked so the User can’t go to some specific web pages or the user will be forced to open that page as soon as they use they Internet browser, where the user will be directed to the FAKE/ phishing web page or malware loaded local site)
By default, when a Windows PC User tries to open a website from a browser, Windows will try to resolve the website name to its IP address from the local DNS cache.
The local cache is stored :
C:\Windows\System32\drivers\etc\hosts
If this fails, it will query the host file and if there is no entry to the website there , then it will contact the DNS server which is set up in your NIC (Network Card) .
If there is any entry in the local cache , the PC will load or block that site depending on your settings. To make sure there is nothing in the DNS cache, you have to clear it so the little fun trick can work on your “victim” user or if you can :
open CMD and type “ipconfig /flushdns” or restart the DNS service from the services tab.
Open the file via typing “C:\Windows\System32\drivers\etc\hosts” in to the search area in your start menu
This will open the HOST File for you ( it will ask you, how you want to open the file type, select via NOTEPAD) , which is inside the “etc” section of your drivers
add an entry as below:
127.0.0.1 domainname.com
(domainname.com being the website you want to block. Save the hosts file outside the etc folder and then move it there, replacing the older version, as Windows won’t let you save the file there directly. Also make sure there’s no extension like .txt at the end of the file name)
This way whenever a user tries to go to anything.domainname.com, their browser redirects them to 127.0.0.1 which is the local host. Or maybe you can redirect them to an HTML page stating the reason why that page is blocked from within your organization.
PS: It’s always a good practice to “copy the original” HOST file, so when the FUN is over, everything can be loaded to its original state.
Enjoy 🙂
CISO Insight
Cybersecurity is not a product you buy or a project you complete — it is a continuous operational discipline. Organisations achieving genuine maturity embed security thinking into every business decision, invest in people and processes alongside technology, and build resilience for when preventive controls inevitably fail.
The Evolving Cybersecurity Landscape
The threat landscape continues evolving at a pace challenging even well-resourced teams. AI-powered attacks, supply chain compromises, ransomware-as-a-service, and state-sponsored campaigns create a multi-dimensional environment no single technology addresses. Organisations defending most effectively take a risk-based approach — understanding which assets are critical, which threats most likely, and where investments create greatest impact. For CISOs, translating complexity into actionable strategy requires quantifying cyber risk in business terms, prioritising based on risk reduction, and communicating in language that resonates with non-technical stakeholders.
Building a Defence-in-Depth Strategy
Effective cybersecurity requires layered defences addressing the full attack lifecycle. No single control is sufficient; every control can be bypassed by determined adversaries. The goal is creating enough layers that attackers must overcome multiple independent defences, while ensuring detection and response capabilities contain breaches before catastrophic damage. The most common mistake is treating security as a technology problem. The fundamentals — patch management, access control, security awareness, incident response planning — prevent more breaches than advanced technology.
Frequently Asked Questions
What is the biggest cybersecurity mistake organisations make?
Buying tools without coherent strategy, skipping basic hygiene for advanced solutions, and failing to invest in people and processes. Fundamentals prevent more breaches than advanced technology.
How should CISOs prioritise security investments?
Start with risk assessment identifying critical assets and likely threats. Prioritise highest-risk scenarios. Ensure basic hygiene before advanced capabilities. Use NIST CSF or CIS Controls to structure your programme.
Related reading: Visit our Cyber Resilience Hub or download the CISO Toolkit.