83% of the Forbes Global 2000 lack basic domain name security measures
The latest CSC report finds serious shortcomings in corporate domain name security practices, which leave digital assets on the Internet exposed to risks including domain name and DNS hijacking, phishing, and other fraudulent activities.
According to the report, 83% of the Forbes Global 2000 have not adopted basic domain security measures, such as domain name registration lock, which exposes them to the risk of domain name hijacking.
The report shows a huge gap between industries in the maturity of domain name security. The information technology, media, and entertainment industries are more likely to adopt the available security controls, while industries such as materials and real estate lag behind.
The report points out that these security vulnerabilities are a direct result of the failure to implement appropriate domain name security technologies. As criminal attack methods continue to evolve, domain name security should become a key part of each company’s overall network security strategy.
Additional highlights from the report include:
- Unlocked domains are vulnerable to social engineering tactics, which can lead to unauthorized DNS changes and domain name hijacking.
- 53% of the Forbes Global 2000 use retail-grade domain registrars, putting them at greater risk for phishing, social engineering, and attacks while complicating compliance demands. Having a reputable corporate registrar, rather than a retail registrar, manage the overall domain name portfolio makes domain security standards much easier to implement and monitor.
- Only 20% of Global 2000 companies use enterprise-grade DNS hosting. A lack of DNS hosting redundancy and the use of non-enterprise-level DNS providers pose potential security threats, such as reduced resiliency to distributed denial of service (DDoS) attacks, as well as downtime and revenue loss.
- 97% of the Global 2000 don’t use DNS security extensions (DNSSEC), which means the majority of companies are prone to cache poisoning attacks. Lack of deployment of DNSSEC leads to vulnerabilities in the DNS, which could include an attacker hijacking any step of the DNS lookup process.
- Domain-based message authentication, reporting, and conformance (DMARC) use is only at 39% for the Global 2000 companies. DMARC is an email validation system designed to protect a company’s email domain from being used for email spoofing, phishing scams, and other cyber crime.
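
A self-assessment sketch for three of the controls listed above (lock status, DNSSEC and DMARC), added here as an example and not taken from the CSC report. It assumes the EPP status codes, DS records and `_dmarc` TXT records have already been collected for a domain you own; the sample data, the domain names and the function names are constructed for illustration.

```python
# Added example: inputs are constructed; collecting WHOIS/RDAP and DNS data is out of scope.
# Assumption: a registry-level lock shows up as all three server* EPP status codes.
REGISTRY_LOCK = {"servertransferprohibited", "serverupdateprohibited", "serverdeleteprohibited"}
REGISTRAR_LOCK = {"clienttransferprohibited", "clientupdateprohibited", "clientdeleteprohibited"}


def parse_dmarc(txt):
    """Return the tag/value pairs of a DMARC TXT record, or None if it is not one."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # A DMARC record must begin with the version tag v=DMARC1.
    return tags if next(iter(tags.items()), None) == ("v", "DMARC1") else None


def audit_domain(epp_statuses, ds_records, dmarc_txt_records):
    """Return a list of findings for one domain; an empty list means every check passed."""
    findings = []
    statuses = {s.strip().lower() for s in epp_statuses}
    if not REGISTRY_LOCK <= statuses:
        detail = "registrar lock only" if REGISTRAR_LOCK & statuses else "no lock at all"
        findings.append(f"registry lock not set ({detail})")
    if not ds_records:
        # Without a DS record in the parent zone, resolvers cannot validate the zone.
        findings.append("no DS record at the parent zone: DNSSEC not enabled")
    dmarc = [r for r in map(parse_dmarc, dmarc_txt_records) if r]
    if len(dmarc) != 1:
        findings.append(f"expected exactly one DMARC record, found {len(dmarc)}")
    elif dmarc[0].get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("DMARC policy is not enforcing (p=none or missing)")
    return findings


# Constructed sample data for two hypothetical domains.
WEAK = audit_domain(
    ["clientTransferProhibited"],
    [],
    ["v=spf1 -all", "v=DMARC1; p=none; rua=mailto:dmarc@weak.example"],
)
HARDENED = audit_domain(
    ["clientTransferProhibited", "serverTransferProhibited",
     "serverUpdateProhibited", "serverDeleteProhibited"],
    ["12345 13 2 CONSTRUCTED-DIGEST"],
    ["v=DMARC1; p=reject; rua=mailto:dmarc@hardened.example"],
)

if __name__ == "__main__":
    for name, result in (("weak.example", WEAK), ("hardened.example", HARDENED)):
        print(name, result or "all checks passed")
```

A published DMARC record with `p=none` only requests reports, so the audit counts it as present but not enforcing.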