Domain names are an essential part of any company’s intellectual property (IP) portfolio. As businesses continue to expand online, the security of their domain names becomes crucial to protecting their brand identity, customer trust, and reputation.
The latest research from CSC on the domain security practices of Forbes’ Global 2000 companies reveals a worrying trend—many companies are failing to implement key domain security measures, leaving their brands exposed to cybersquatting, domain hijacking, and phishing attacks.
Our insight paper evaluates companies based on their adoption of essential domain security protocols, such as domain-based message authentication, reporting, and conformance (DMARC), domain name system security extensions (DNSSEC), and registry lock. The findings highlight a critical gap in domain protection among even the largest and most prominent organizations.
107 of the world’s top companies are missing the mark
CSC “scored” each company in the Global 2000 based on how many of the eight domain security measures they had implemented. Out of the list, 107 companies ended up with a score of zero percent, making them the most vulnerable to domain attacks. Only one company had a score of 100% and 12 companies had a score of 7 out of 8. Unfortunately, 68% of the Global 2000 implemented less than half of the recommended security measures.
The impact of an enterprise-level registrar
One domain security measure CSC analyzed was whether the company used a consumer-grade registrar or an enterprise-level registrar. A registrar is an accredited organization or a national authority that manages the registration of domain names and maintains the associated domain name records. A consumer-grade registrar is affordable and easily accessible, suitable for most individuals and small businesses starting out.
Enterprise-level registrars are designed for larger organizations with more complex needs, offering a comprehensive suite of services—such as advanced brand protection, monitoring, and enforcement—tailored to proficiently manage large domain portfolios.
The risk of third-party domains
Advanced brand monitoring would help companies keep track of third-party domains that are registered or managed by a party other than the brand or organization it may appear to represent.
How are these third-party domains being used? Among the Global 2000, CSC’s research broke down those brands’ third-party domains into the following:
- 48% directed to advertising, pay-per-click ads, or were used for domain parking
- 33% had inactive websites
- 17% went to a live website not associated with the brand
- 2% pointed toward malicious content that could damage a brand’s reputation and customer confidence
Since third-party domains impersonate a legitimate brand, they can be used for selling counterfeit goods, email spoofing, phishing, and other forms of online fraud. This poses significant risks to a company’s revenue, brand integrity, reputation, and consumer trust.
Tracking the domain ecosystem
The figure below visualizes how different threat vectors can attack a company through its domain name ecosystem. The innermost ring in green shows where the ecosystem has its standard defenses. Websites, email, client and partner portals, as well as Voice over Internet Protocol (VoIP) are core digital assets that have at least some degree of protection, such as encryption, firewalls, single sign-on, and multi-factor authentication. Defensive domains are domains registered by companies to prevent them from being abused by third parties.
But the yellow ring in the middle shows that hijacked, lapsed, lookalike, and dormant domains could be exploited by bad actors from the outside, represented in purple. Attacks ranging from phishing to ransomware to malware can target domain names.
It’s imperative to regularly review your own domain portfolio to uncover hijacked or lapsed domains, while scanning the broader internet for lookalike and dormant domains that are being registered by third parties. An experienced enterprise-level registrar has the ability to guide your strategy in these areas.
Protect your online IP starting with domains
With counterfeit goods and brand abuse increasingly taking place online, securing your domain infrastructure is no longer optional—it’s an essential part of mitigating IP risks.
Our “2024 Domain Security Report” underscores the need for businesses to adopt enterprise-level security measures to protect their domains, and by extension, their IP. With a strong domain security posture, businesses can better safeguard their digital assets, prevent brand impersonation, and defend against the rising tide of online fraud.
You’ll also find other insights in the report, including:
- How domain security has trended over the course of the past five years
- Which industries and regions performed the best—and worst
- The essential domain security measures and their adoption trends
- Who’s being targeted the most with malicious domains
Find out how your business stacks up by downloading the full report.
