Skip to main content

The threat and the solution: Why DNS management is imperative for business protection

security
(Image credit: Shutterstock / Gorodenkoff)

Ten years ago, the threat of a Domain Name System (DNS) compromise wasn’t so high on the radar for many businesses. Yet the move to digital has accelerated exponentially in recent years, which has sadly been matched by a reciprocal increase in the scale and frequency of DNS related cybercrime. How businesses host, manage, and protect their DNS is now an integral part of improving their overall digital security posture. 

Only with the right domain name management strategy in place can organizations safeguard critical domains, associated digital services and brand Intellectual Property. This must be a key part of any corporate domain name management process in order for organizations to protect against breaches, avoid nasty costs from regulatory fines and ensure brand reputation.

The cyber-security challenges around DNS 

Emerging from the pandemic, the online space has been - and continues to be - radically transforming. Research shows that global cyber intrusion activity increased by 125 percent in the first half of 2021, compared with the same period last year.* As attacks become more sophisticated and the method of attack frequently changing, it’s more important than ever that businesses protect themselves in every way that they can.  

Often when attacks occur, this results in information security breaches, which are costly to businesses in terms of regulatory fines and increased operating compliance costs, as well as brand reputation damage. For most companies, the cost of losing key digital services for a day, a few hours or even minutes, is considerable, affecting brand reputation, increasing cost and resulting in loss of revenue. Even worse is when businesses are forced to foot the bill for hefty ransom payments. In the first half of 2021, the average ransomware payment increased 82 percent up to a staggering $570,000.** 

Many domain names are still hosted on the more basic Unicast DNS, which can still be appropriate for defensive, non-operational domains. However, anything that services critical business functions such as email, websites or key operational or transactional processes needs to be protected by an enterprise-grade solution, in order to ensure high availability and responsiveness, and to safeguard them from attack vectors that include volumetric Denial of Service attacks, DNS hijacking and DNS cache poisoning. 

The size of the threat has now grown to the extent that businesses are naturally becoming more security conscious, either through self-choice or regulation, and this is reflected in the value and worth of the global cybersecurity market, which has grown from a mere $3.5 billion in 2004 to a predicted $170.4 billion in 2022.*** How businesses host, manage, and protect their DNS is now an integral part of improving their overall digital security posture. This security posture will automatically feed into brand reputation – the absence of strong cybersecurity alongside the increasing awareness of cybercrime means that trust will be crucially maintained through how they protect their DNS.

Successfully manage your DNS 

The ever-present and increasing threat to businesses of all sizes from criminal cyber activity needs to be countered with the secure safeguarding of domain names and their associated DNS hosting service.  If you are to ensure uninterrupted DNS resolution of your domain names and associated digital services, and protect them from attack, the following steps should be considered: 

Use an enterprise-grade DNS platform  

Using this type of platform will ensure high availability and responsiveness of domain names and will safeguard them against attacks including volumetric Denial of Service attacks, DNS hijacking and DNS cache poisoning. Moving to this platform is quick and safe, provided you have the support of an established and experienced provider.  

Audit your domain portfolio  

Assessing your portfolio of domains can be done with full visibility by using an enterprise-grade DNS platform. Core and non-core domain names can be identified, and domain names that are being paid for but are no longer required can also be eliminated. This will ensure that only the essential domains are protected against and protection is therefore much more efficient.  

Centralize assets and security  

Centralizing the management of domain name assets and DNS through a single, secure user interface and API will give businesses a clearer picture of the risk and measures needed to protect it. Overall improvement in digital security will also provide the opportunity to rightsize portfolios, ensuring good alignment between business need and portfolio size and coverage.  

The question of who purchases domains, who manages them and even what registrations the domain name portfolio contains can be more easily managed through this centralization. It can also provide the opportunity to identify the ‘crown jewel’ registrations that need additional security measures, such as, SSL protection, registry locks and online brand protection. 

Identify gaps and fill them 

By centralizing portfolios, businesses will typically identify domain names that they didn’t even know had been registered or were operational, as well as associated gaps in security protection. This identification enables businesses to apply the right security protection needed and plug any gaps that are identified. 

Involve all stakeholders 

Domains can typically fall under different disciplines in a company, but legal/IP, marketing and IT all need to be involved in the process of creating and protecting these assets, from registrations for new product launches to online brand protection. By establishing a company-wide understanding of the importance of DNS management and a coordinated approach with key stakeholders, no one is left in the dark and it is less likely its management will fall between the cracks, leaving a business exposed.  

Stay informed and in control  

Educate yourself and colleagues on the cybercriminal threats that exist. The internet is dynamic and rapidly changing, with new threats emerging all the time. Working with an established provider, remaining informed and in control of domain name security services will allow organizations to remain one step ahead of the emerging threats. 

Final words 

It may be easy to neglect a business’ DNS management, as it can sit between multiple business units and owners, but its importance cannot be underestimated. Without domain name security and preventative measures in place, bad actors who are ready to take advantage will, causing costly repercussions and inevitable damage to business reputation. Organizations must make DNS management a priority by using an enterprise-grade DNS platform and working with a partner who can assist in auditing and protecting the businesses domain assets, to safeguard their organization long-term. 

Gareth Jehu, Global Operations Director, Com Laude

Gareth Jehu, Global Operations Director at Com Laude.