ITEM: As media companies go digital, many are now turning to enterprise-class providers for domain security. Which would be great except that many media firms are still failing to protect themselves with even basic security measures that are not only cheap, but dead easy to implement.
That’s according to a new cyber security report issued in June from digital brand management firm CSC that scrutinizes domain security trends in the media industry. Domain security is important for everyone, of course, but it’s a key part of branding as well – your website URL (www.whatevermedia.com) is an extension of your brand. Put simply, an attack on the domain is an attack on the brand, whether it’s customer information getting stolen or your front page being defaced, or someone setting up a fake site that unsuspecting marks think is run by you.
CSC says that while any online business needs to take security seriously, media brands are particularly vulnerable because their digital business is designed to collect customer data – including payment information and login credentials – which makes them a data-rich target for hackers out to steal such data.
The good news is that most media brands (78%) use a corporate registrar for their domain rather than a retail registrar, says CSC. In general, enterprise-class registrars invest more in security technologies, and the better ones can help make domain security elements like locks, email, DNS and SSL easier to implement.
Yet a distressing number of media brands don’t implement even the easiest techniques, even though they’re not difficult and don’t cost that much, the report says.
For example, only 43% of respondents have registry locks in place. Those locks protect against social engineering tactics that can lead to unauthorized DNS changes that could take a site offline or redirect users to malicious content – yet 37% don’t turn them on, while the remaining 20% use a service that doesn’t offer registry locks as an option.
Meanwhile, while 55% use enterprise-level DNS providers and 25% use their own DNS architecture (which is good), only 3% use DNSSEC (DNS security extension), a cost-effective security protocol that protects against DNS vulberabiities that could allow hackers to take control of a browsing session and redirect users to a fake website.
A major gap is email authentication, which protects against email spoofing and potential phishing. Techniques like DMARC (domain-based message authentication, reporting, and conformance) SPF (sender policy framework), and DKIM (domain keys identified mail) can help. CSC says most brands use SPF, while only 27% use DMARC: “For companies communicating with millions of users, the low adoption rates are surprising,” the report says.
Overall, the report says that while most media brands have some level of domain security, implementation should be a lot more widespread than it is, considering what’s at stake, and considering that these techniques aren’t that expensive in the first place – especially when compared to the cost of a breach.
CSC offers a number of recommendations for media brands to address this, many of which hinge on signing up with a corporate registrar – not only is the security support better, they also support auto-renew of your domain (pro tip: retail registrars often don’t).
CSC recommends identifying and locking up your vital domains and take advantage of whatever domain security measures the corporate registrar offers – they’re a lot better at keeping up with the latest attacks and defenses than you are.
That said, the other key recommendation is to make domain security everyone’s priority in your company – from IT and legal to marketing and brand management:
Everyone’s input is valuable when it comes to the management of the domain portfolio. We recommend companies start a domains council because security is everyone’s job.
That includes the board, CSC adds:
With global attacks, and mega breaches, in addition to regulatory compliance, cyber security is now a top priority for the board. Among the risks identified in the Business Continuity Institute Horizon Scan Report, DNS plays a contributing factor to four of the top 10 risks.
The full report is available for download right here.