According to the report, 83% of Global 2000 organizations have not adopted basic domain security measures such as registry lock, which puts them at risk for domain name hijacking. The report indicates a wide industry disparity in domain security maturity with information technology and media and entertainment industries more likely to embrace available security controls, while industries such as materials and real estate trail behind.
“These security shortfalls are the direct result of not executing proper domain security techniques. Domain security cannot be an afterthought, and there needs to be a conscious effort to make this an intentional and critical part of every company’s overall cyber security posture, especially as criminals evolve their attack methods,” says Mark Calandra, executive vice president for CSC DBS. “As companies move to more online business models, it’s essential to use defense-in-depth practices to proactively manage, secure, and defend the foundational internet-facing components of your digital brand presence.”
Additional highlights from the report include:
- Four out of five Global 2000 companies are severely at risk and exposed to domain name and DNS hijacking due to a lack of registry locks. Unlocked domains are vulnerable to social engineering tactics, which can lead to unauthorized DNS changes and domain name hijacking.
- 53% of the Forbes Global 2000 use retail-grade domain registrars, putting them at greater risk for phishing, social engineering, and attacks while complicating compliance demands. The management of the overall domain name portfolio by a reputable corporate registrar versus a retail registrar will make the adoption of domain security standards much easier to implement and monitor.
- Only 20% of Global 2000 companies use enterprise-grade DNS hosting. Lack of DNS hosting redundancy and using non-enterprise-level DNS providers poses potential security threats like resiliency to distributed denial of service (DDoS) attacks, as well as down time, and revenue loss.
- 97% of the Global 2000 don’t use DNS security extensions (DNSSEC), which means the majority of companies are prone to cache poisoning attacks. Lack of deployment of DNSSEC leads to vulnerabilities in the DNS, which could include an attacker hijacking any step of the DNS lookup process.
- Domain-based message authentication, reporting, and conformance (DMARC) use is only at 39% for the Global 2000 companies. DMARC is an email validation system designed to protect a company’s email domain from being used for email spoofing, phishing scams, and other cyber crime.
A core division of CSC, DBS is the trusted provider of choice for the Forbes Global 2000 and is the only enterprise-class registrar with a comprehensive set of solutions focused on defending businesses from targeted threat vectors to their domain names, DNS, and digital certificates. Moreover, the organization detects and mitigates online brand abuse, infringements, and fraud with the latest machine analysis and scoring technology to perform global enforcement, including takedowns and advanced techniques in internet blocking.
If you’re a member of SANS, to learn more, join CSC and SANS for a webinar Friday, June 19. Register here.
External links:
- Download the report here
- Domain Security Report blog post
- Infographic for Domain Security Report
About CSC
CSC is the trusted provider of choice for the Forbes Global 2000 and the 100 Best Global Brands® in enterprise domain names, domain name system (DNS), digital certificate management, as well as digital brand and fraud protection. As global companies make significant investments in their security posture, CSC can help them understand known security blind spots that exist and help them secure their digital assets. By leveraging CSC’s proprietary solutions, companies can get secure to protect against cyber threats to their online assets, helping them avoid devastating revenue loss, brand reputation damage, or significant financial penalties because of policies like the General Data Protection Regulation (GDPR). CSC also provides online brand protection—the combination of online brand monitoring and enforcement activities—taking a holistic approach to digital asset protection, along with fraud protection services to combat phishing. Headquartered in Wilmington, Delaware, USA, since 1899, CSC has offices throughout the United States, Canada, Europe, and the Asia-Pacific region. CSC is a global company capable of doing business wherever our clients are—and we accomplish that by employing experts in every business we serve. Visit cscdbs.com.