Uncategorized Why domain name security matters – Information Age
Technology is moving extremely fast and you don’t want to miss anything, sign up to our newsletter and you will get all the latest tech news straight into your inbox!
I want to recieve updates for the followoing:
I accept that the data provided on this form will be processed, stored, and used in accordance with the terms set out in our privacy policy.
No thanks I don’t want to stay up to date
Since the first top-level domains (TLDs) were introduced in 1980s, there have been notable developments in the domain landscape. From the first .com domain, the privatisation of the domain name system (DNS) and creation of Internet Corporation of Assigned Names and Numbers (ICANN), to the release of new generic TLDs, domains have evolved beyond their initial, functional purpose, bringing the challenge of security.
Domains today represent organisations’ digital storefronts, and are vital to any brand’s online identity. The growing influence and importance of domains in organisations’ e-commerce strategies has led to domains being viewed as intellectual property (IP) assets. According to the World Intellectual Property Organisation (WIPO), “IP assets are part of the non-physical property of a business. They are legally protected … can be independently identified, are transferrable and have an economic lifespan”. Domains not only fulfil WIPO’s criteria of an IP asset, but a recent Clarivate global survey of IT, legal and marketing senior decision makers’ views on domains’ role in IP and business revealed that 78% view domains as an important part of their IP portfolio.
Domains’ prominence as IP assets is driving increasing involvement of legal departments in domain management. For instance, legal expertise is often called upon when analysing a potential domain name purchase, with 49% using case law to support their analysis, according to Darts-ip data.
While legal teams have a role in domain management, it remains primarily the IT team’s responsibility. In reality, domains are not just IP assets, they are also IT assets that sit near the centre of organisations’ security strategy. With a third of organisations (33%) indicating they experienced a cyber attack targeted at their domains in 2020, up from 23% in 2019 according to the same Clarivate survey, it comes as no surprise that security is a key consideration in domain management.
In fact, more than half (56%) of organisations see security as the biggest challenge when managing their domains. Cyber attacks continue to rise, as well as the number and sophistication of attack vectors, with malware, web-based attacks and phishing the top threats, according to the European Union Agency for Cybersecurity (ENISA). If domain names are not secured and properly managed, there are a number of different ways that organisations could fall prey to cyber criminals. With brand reputation, customer trust and revenue at stake, domain security needs to be a serious consideration, alongside other elements of cyber security.
As the retail increasingly focuses on digital transformation, Freya Jacob, assistant editor of Brainvire, discusses the key drivers of this process. Read here
Domain management used to simply be about selecting and registering a domain that reflected the organisation’s name, then protecting it. This might still be the case for smaller organisations, but it has become far more complex for larger organisations.
For larger organisations operating globally, domain strategies can range from registering and managing sub-domains, name variations and domains for campaigns, to regional domains and defensive registrations. The size of organisations’ domain portfolios is growing. The number of organisations owning 250 to 500 domains almost doubled from 9% in 2019 to 17% in 2020. Similarly, the volume of organisations owning 501 to 1,000 domains, grew to 14% in 2020 compared to 8% in 2019.
These burgeoning portfolios typically contain a proportion of inactive domains, purchased for defensive or competitive reasons. Organisations infrequently use these defensive domains, but may redirect them to their main websites. Whether used or un-used, defensive domain names could present security risks such as domain name server compromise and email spoofing if incorrectly configured and not securely managed.
Another aspect of global domain portfolio management that may be overlooked is the need to understand each country’s domain eligibility and requirement. For instance, .de and .ca have different rules on domain eligibility and compliance. Partnering with a domain name registrar with both global reach and local knowledge is crucial to ensuring an organisation’s domain names are managed securely and comply with the respective local country rules.
Common approaches to securing domains include two-factor authentication, single sign-on, name server monitoring and registry locking.
Registry locking, in particular, has become increasingly popular, with 39% of survey respondents in 2020 using this feature, compared to 28% in 2019. Offered primarily by corporate domain name registrars, registry lock freezes all domain transactions at the registry level until the correct high-security protocol is followed as specified by both registry and registrar. In combination with additional registrar-level locking where a specific protocol must be followed between client and registrar means that there is an extra layer of security to guard against cyber attacks such as erroneous nameserver updates, hijackings and social engineering attacks. Registry locking is becoming an increasingly valuable security feature and an ever-growing number of registries continue to introduce this feature.
High-profile domain name server compromise incidents have also served to reinforce the importance of securing domain name servers. The best corporate registrars monitor and test constantly for security threats and code vulnerabilities both within the domain management portal, and at the various domain registries.
The amount of cyber attacks that are caused by hacking online retailer accounts remains high, so how can user authentication be improved? Read here
Today’s increasingly digital society and economy offers organisations greater opportunities to connect with and do business with their target audiences. However, there are increased risks to companies ranging from cyber attacks, IP infringement and fraud that could lead to lost revenue, loss of brand reputation and erosion of customer trust.
Rather than relying exclusively on internal resources, organisations should consider partnering with a domain management provider that is equipped with the technology, expertise and support to help them deal with the complexity of domain management and security.
Written by Brian King, head of policy and advocacy, Intellectual Property Group at Clarivate
The pace of change has never been this fast, yet it will never be this slow again.
26 January 2022 / Paul Crerand, field CTO EMEA at MuleSoft, discusses how taking a composable approach using reusable […]
26 January 2022 / UK hyperautomation provider TrustPortal has launched its new enterprise-scale platform, which is capable of bolstering […]
25 January 2022 / Research released today by Proofpoint has revealed that organisations impacted by insider threats spent an […]
25 January 2022 / Chris Richards, regional president UK&I at Unit4, discusses how a bounce back in the tech […]
25 January 2022 / The UN Committee of Experts on Big Data and Data Science for Official Statistics is […]
24 January 2022 / Ralitsa Miteva, manager of digital identity and mobile security at OneSpan, discusses how organisations can […]
24 January 2022 / Gartner has predicted that carbon emissions from hyperscalers will will be a top three criterion […]
24 January 2022 / Quantum computing is an evolving technology that promises to enhance an array of business operations. […]
24 January 2022 / Martin Tyley, head of UK cyber at KPMG, discusses how CISOs should go about fixing […]
© Bonhill Group Plc,
29 Clerkenwell Road, London EC1M 5RN
T. 020 7638 6378
Part of the Bonhill Group.
