Most Forbes Global 2000 organizations don’t have even basic domain security in place, leaving them open to attacks with potentially devastating consequences, according to a report from Digital Brand Services (DBS).
Forbes Global 2000 companies don’t take domain security seriously, and proof is in the 2020 Domain Security Report: Forbes Global 2000 Companies underlines just how big a problem it actually is.
83% of the Global 2000 lack domain security measures, such as a simple registry lock, leaving them open to attacks such as domain name hijacking. Companies that lose control of their domains can suffer both financial and reputational damage if a malicious hacker takes the helm.
The lack of domain security is actually much worse than just the lack of registry lock.
“Four out of five Global 2000 companies are severely at risk and exposed to the domain name and DNS hijacking due to a lack of registry locks,” reads the report. “53% of the Forbes Global 2000 use retail-grade domain registrars, putting them at greater risk for phishing, social engineering, and attacks while complicating compliance demands.”
Also, only 20% of the companies use some form of enterprise-grade DNS hosting, which means that the other 80% are entirely open to a host of security issues, including DDoS attacks. Furthermore, only 3% of the companies use DNS security extensions (DNSSEC), leaving the remaining 97% wide open to cache-poisoning attacks.
From the looks of it, most of these companies focus on other types of threats, strengthening endpoints and their own networks. But different kinds of cyberattacks can be deployed against companies that will never reach that level, and it can still cripple an organization without compromising the corporate infrastructure. Domain security needs to be taken as seriously as any other form of cybersecurity.