
Large companies fall short on domain security

Most large businesses still need to implement enterprise-level controls

The majority of organisations on the Forbes Global 2000 list are vulnerable to attacks on their internet domains due to poor security, according to a study released today by domain registrar and digital branding company CSC.

The company analyzed domains owned by the top 2000 companies on Forbes' list to assess their domain security controls. It found that many of them failed to implement domain security controls that would help to prevent phishing and domain hijacking.

Half of the companies surveyed do not use Domain-based Message Authentication, Reporting, and Conformance (DMARC), a protocol used to verify that emails came from a legitimate address. 

IT software and services companies were the highest adopters, at 74%, followed closely by health care equipment and services, semiconductor manufacturers, and media companies. Construction companies (28%) were the least likely to use the tool.

CSC also found low usage of several other domain protection methods. Only 5% of companies used DNSSEC, a protocol that prevents DNS cache poisoning attacks. The same number used certificate authority authorization (CAA) records, which designate a separate certificate authority for a company's domains. This stops an attacker from accessing a company's digital certificates if they get control of a domain.

Registry locks secure domain name transactions from end to end, helping to prevent domain hijacking. Only one in five companies used these.


CSC also searched for suspicious domains often used in phishing attacks that hackers might use to target companies on the list. These included fuzzy matches, which substitute alternative Latin characters in domains (such as 0 instead of o), “cousin” domains using different top-level domains (like country-level domains instead of .com), domains that mix topical keywords in with a company name, and homophones, which use names that sound like others.

Researchers also searched for homoglyph-based domains (also known as homographs). These domains use Unicode characters from non-Latin character sets such as Cyrillic or Greek that look like Latin characters, enabling them to mimic popular targets' domain names.

The company found that 70% of these suspicious domain types were owned by third parties, with 60% registered since the beginning of 2020. Most domains (57%) pointed to advertising or pay-per-click (PPC) web content or were parked. However, nearly half (44%) were configured to send and receive email, making them potential vehicles for phishing spam.
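The lookalike categories described above (fuzzy matches, cousin domains, keyword mixes and homoglyphs) can be told apart mechanically when triaging domains reported by a registration-monitoring feed. The Python below is an added example, not code from CSC or the original article; the substitution tables, keyword list, function names and sample domains are constructed assumptions, inputs are assumed to be registrable domains without subdomains, and homophones are not covered.

```python
# Constructed tables for illustration; real monitoring would use the full
# Unicode confusables data and a keyword list tuned to the brand.
DIGIT_SWAPS = str.maketrans("0135", "oles")            # e.g. 0 instead of o
HOMOGLYPHS = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u03bf": "o"}  # Cyrillic, Greek
KEYWORDS = ("login", "secure", "support", "billing")   # assumed topical words


def split_domain(domain):
    """Split a registrable domain into (name, tld), decoding punycode labels."""
    domain = domain.lower().rstrip(".")
    try:
        domain = domain.encode("ascii").decode("idna")  # xn-- form to Unicode
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: keep as given
    name, _, tld = domain.partition(".")
    return name, tld


def classify(candidate, brand):
    """Return the lookalike category of candidate relative to brand, or None."""
    c_name, c_tld = split_domain(candidate)
    b_name, b_tld = split_domain(brand)
    if c_name == b_name:
        return None if c_tld == b_tld else "cousin"      # same name, other TLD
    if not c_name.isascii():
        folded = "".join(HOMOGLYPHS.get(ch, ch) for ch in c_name)
        return "homoglyph" if folded == b_name else None
    if c_name.translate(DIGIT_SWAPS) == b_name.translate(DIGIT_SWAPS):
        return "fuzzy"                                   # digit-for-letter swap
    if b_name in c_name and any(k in c_name for k in KEYWORDS):
        return "keyword"                                 # brand plus lure word
    return None


def triage(observed, brand):
    """Map each observed domain that resembles brand to its category."""
    return {d: cat for d in observed if (cat := classify(d, brand))}


# Constructed sample: domains a registration-monitoring feed might report.
OBSERVED = ["examp1e.com", "example.net", "example-login.com",
            "ex\u0430mple.com", "unrelated.org", "example.com"]

if __name__ == "__main__":
    for domain, category in triage(OBSERVED, "example.com").items():
        print(f"{category:10} {domain.encode('idna').decode()}")
```

Homoglyph domains usually appear in zone files and certificate logs in their `xn--` punycode form, which is why `split_domain` decodes before comparing.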
