The year 2022 is coming to a close, and with every year-end, the internet is filled with trends, predictions, or prophecies for the future. Many focus on past trends to predict the future, but what companies should focus on is security over the long-term—implementing top security measures to mitigate any upcoming threat, even unknown threats.
The pandemic, the war in the Ukraine, the geopolitical instability, supply chain issues, a tight workforce market, and global warming create a long list of challenges for businesses that is long and exhausting. Those uncertainties were the perfect opportunity for cybercriminals.
During the COVID-19 pandemic, CSC and many other cybersecurity-focused organizations saw a massive increase in phishing attacks. CSC released a study in January 2022 that analysed nearly half a million COVID-related web domains for threats to brands due to their persistent brand infringement patterns and behaviors. The results enforced that cybercriminals were taking advantage of the crisis.
Earlier this year, the United States suffered a baby formula shortage which stemmed from a product recall from a top manufacturer in this field. Almost one year on, the shortage hasn’t ended, leaving parents stressed and worried about safely feeding their infants. Research published by CSC in July 2022 indicated yet again that fraudsters took advantage, and are still taking advantage, of the baby formula shortage to target consumers with fake, branded domain names resulting in potentially real concern for consumers in terms of product safety, phishing attacks, financial hardships, and data exfiltration—including concerns for the companies that own these brands.
Fraudsters, cybercriminals, hackers, and hacktivist will continue to look out for new crisis, brands that hit the news, controversial industries, and prey on vulnerable individuals. The internet is also continuing to grow—not only the population using it, but the way we’re using it. Businesses need to begin focusing on the long-term threat landscape that is fast evolving and getting more and more sophisticated.
Domain security is a long-term risk mitigating measure. And here is why:
Domains are the foundation of a brand’s online presence. They’re a bit like a house. If the foundation is weak, you’ll see cracks form in the walls and windows, and doors may fail to open. If not fixed, these cracks can lead to catastrophic damages.
Therefore, domain security is primordial. Most cyberattacks start with phishing. Companies can apply sophisticated monitoring, detection, and mitigation solutions, yet that’s a bit like slapping some fresh paint onto your house. The foundation is still weak! The actual domains need to be secured. It’s as simple as that.
Step 1: Partner with an enterprise-class registrar
Enterprise-class registrars specialize in working with corporations and brand owners that require advanced business capabilities, expertise, and support staff in relation to domain and domain name system (DNS) management as well as security, brand and fraud protection, data governance, and cybersecurity.
Step 2: Apply domain security protocols
Deploy registry lock, certificate authority authorization (CAA) records, DNS redundancy, DNS security extensions (DNSSEC), sender policy framework (SPF), domain keys identified mail (DKIM), and domain-based messaging, authentication, reporting, and conformance (DMARC).
Step 3: Monitor and enforce proactively
CSC’s 3D Domain Security and Enforcement technology detects the registration, re-registration, and dropping of domain names containing brand terms and other keywords of interest—including variants like fuzzy matches and character replacements—across a wide range of extensions. This enables businesses to identify and mediate the risks associated with infringing third-party domain registration activity.
Step 4: Go one step further
At CSC, we believe every company should have access to its domain security intelligence, so we developed the industry’s first holistic approach for securing and defending brands’ domain ecosystems—DomainSecSM. DomainSec is a SaaS cybersecurity platform using proprietary technology and combining machine learning, artificial intelligence, and clustering technology to enable the security heuristics, including leading indicators of compromise. In bringing domain management and domain security, along with brand protection and fraud protection solutions into one platform, CSC can offer businesses and organizations exponentially better protection and help refine their zero-trust security model, taking them beyond just safeguarding perimeters.
In a world of uncertainty managing cyber risk has never been more important. Ask your domain registrar or a CSC representative for a domain security gap analysis and apply all security measures necessary.