October 11, 2021
Domain Security: Reduces Enterprise Risk
By Andrew Kennedy, BITS-BPI Cybersecurity Advisor to fTLD
Entering our second full year of the global pandemic has challenged all of us to different degrees. Not only has COVID had consequential impacts on the health and wellbeing of our friends and families, but it has also tested many of our best-laid plans and assumptions in the technology and cyber realms.
As COVID moved employees offsite and customers online, bad actors seized the opportunity to attack new operational vulnerabilities and to sow chaos in online interactions and communications with customers. Estimates for phishing and spoofing attacks during COVID increased by as much as 220%, demanding renewed attention on domain security.
Domains, of course, are the human-readable internet addresses for every website and email address we use today and are synonymous with your brand and organizational reputation. Accordingly, malicious cyber actors look for every opportunity to use your brand and reputation for their own financial gain, most commonly through phishing and spoofing attacks.
In an aptly named report, “DOMAIN SECURITY: A Critical Component of Enterprise Risk Management” published in June 2021, Interisle describes domain security as “preventive measures that reduce the risk of harms or losses associated with an organization’s domain name portfolio”. These measures consider numerous types of attacks that have become routine: business email compromise, phishing, credential harvesting, DNS hijacking, etc. These sorts of attacks have become so prevalent the U.S. Department of Homeland Security issued Emergency Directive 19-01, identifying domain name infrastructure tampering as a threat to national security.
The Interisle report goes on to describe a recommended suite of security controls including, multifactor authentication (MFA) for domain administration, registry lock, Domain Name System Security Extensions (DNSSEC), digital certificate security, email authentication, and proactive monitoring as necessary to reduce the risk of domain abuse. Each of these controls reduces the surface area of a domain-based attack on a company’s brand and reputation and when implemented holistically, the risk is materially reduced across the board.
Making security its primary concern for fTLD Registry domains, each of these recommended domain security controls have been required, except registry lock which is recommended and available, from the moment .BANK and .INSURANCE were publicly launched over five years ago. As cybersecurity and enterprise risk management remain moving targets, fTLD pledges to continuously and proactively secure its (and transitively, your) domain space by staying abreast of evolving trends in cybersecurity risks and working with experts to enhance its security requirements accordingly. No other registry, and certainly not any of the legacy domains (e.g., .COM, .ORG), offer such a commitment.
When considering strategic investments in your online brand and reputation it makes sense to partner with a registry that understands your risk profile and is dedicated to staying ahead of cyberthreats. fTLD’s .BANK and .INSURANCE domains, and their enhanced security controls, are uniquely positioned to minimize your organization’s domain-based risk.