By Ken Linscott, product director
Domains and Security Share this post
The outbreak of COVID-19 has caused worldwide disruption—for whole nations and their economies. Unfortunately, there will be some side effects for businesses.
- A number of brands will disappear from the streets and shelves, as businesses that fail to weather the storm will have to fold.
- Companies that do survive will likely focus more on their core markets, pulling brands out of higher risk, less profitable markets.
- As vulnerable businesses look to stay afloat, and stable brands look for a bargain, there’ll likely be an increase in mergers and acquisitions.
It’s with this retraction or convergence of brands where cyber criminals will take advantage. An unfortunate truth is that, whenever disaster hits, cyber criminals are ready to capitalize on the emerging crisis to make fast money, and COVID-19 is no exception.
There is much evidence suggesting an increase in cyber attacks during the COVID-19 pandemic—and the method of particular concern for folding, contracting, or merging brands is that of abandoned domain names.
The reason for this is that abandoned corporate domain names carry a footprint of digital activity that can be leveraged as an attack vector. The domain name, together with its domain name system (DNS), are the foundation of any business and brand, enabling websites, email, virtual private network (VPN) access, and possibly even voice-over IP. Herein lies the risk.
According to a recent article published by CSO Online, researchers attempted to understand the impact of letting an old domain expire by re-registering merged or acquired companies’ expired domains and setting up email servers. Soon after doing so, the researchers began receiving an influx of emails, including confidential information like bank correspondences, invoices, sensitive legal documents, and LinkedIn® updates.
This shows that, without actually hacking into a company’s systems, a re-registered domain name not only gives the new registrant instant access to emails, but also the ability to reset passwords to accounts—including management or financial portals, databases, and social media. This can expose a business to phishing attacks, data leaks, social engineering, and more.
It’s also possible to reinstate an old web shop to take new orders and payments without actually fulfilling them, and take over email marketing accounts to conduct phishing campaigns. Many users reuse old passwords, and just one compromised account can lead to further breaches on other accounts.
So what’s the solution for brands in a state of change following COVID-19? How do you protect the assets of a brand axed due to budget cuts, or those of a company just acquired? Companies face a dilemma—do they retain and renew every single domain name just to be safe, or downsize their portfolio at a time when budgets are tight?
The first option of retaining or renewing every domain may seem like the safest option, but doesn’t help you fulfill the directive to reduce your budget. CSC’s holistic, four-step digital optimization framework is designed to review a client’s digital assets, including auditing (so you know what you own), and rationalizing the domain name portfolio for better management and return on investment.
Undertaking digital optimization alone is a challenge with which many companies struggle. In the case of a merger or acquisition, this challenge is compounded when different departments take over existing accounts, or employees leave the company, taking their knowledge (and passwords) with them. When a company isn’t aware of the full extent of its digital footprint, it risks abandoning the domains that matter, and therefore increases the risk of cyber attacks.
CSC’s methodology makes the whole process easier, and enables us to overcome one of the biggest challenges: identifying the most vital domains a company owns. CSC Security Center®—our proprietary tool based on advanced algorithms—helps identify the most vital domains, removing the guesswork from the process, and ensures that critical domains and those with a digital footprint are never abandoned.
Our digital optimization approach looks at a client’s trademark rights, the markets in which they operate, and even goes as far as to consider the ability to recover domains from third parties.