Every business depends on a series of suppliers and vendors. These relationships form supply chains that companies must manage, and they have become increasingly complex, leaving organizations exposed to more risk.
Research shows that phishing and related malware attacks most often originate from a compromised or hijacked legitimate domain name, a maliciously registered domain name that is confusingly similar, or email spoofing. The time when a company could rely solely on a secure firewall for protection has passed, as cybercriminals have long since adjusted their attack strategy.
Businesses should still focus on hackers, but should also turn their attention to other supply chain services, just as cybercriminals have. Hacker heaven now lies outside firewalls. Cybercriminals have redirected their attacks, harvesting data through gaps in external digital assets. With outsourced domain management, cybercriminals are attacking supply chains.
Outside the firewall are a company’s digital assets, including domains, the domain name system (DNS), and digital certificates. These are the basic elements that a company uses to communicate with its customers, with each other and with its internal networks. With the DNS infrastructure located outside the firewall, cybercriminals can hijack a company’s online presence and web traffic and impersonate the business to trick customers and staff into sharing valuable and confidential information, allowing the cybercriminals to infiltrate the network further. After taking control of the DNS, they control all of a company’s websites and no longer need to break in; they only need to redirect traffic to harvest data.
With the upsurge in criminal activity, DNS sales have increased accordingly. As companies evaluate what to do with their DNS, here are three steps they should consider before bringing their domain online.
- Evaluate all business partners and suppliers.
Organizations should conduct an annual security review of the companies they work with. Conducting a security audit every year gives organizations insight into how those companies evolve, develop and adapt. Vulnerabilities are constantly being discovered, and this assessment ensures that partners adapt to emerging threats each year and that the organization understands their methods of remediating vulnerabilities.
Understand the organizations the company does business with and what that supply chain looks like. It will be important to map all the actors involved and determine where potential disruptions or attacks could take place.
- Know the assets that are part of the roadmap.
Here are some important components that security teams should consider as part of the roadmap:
- Web hosting providers: Organizations usually outsource the web hosting function, but it is important to ask third-party providers security questions to understand whether they are secure. A business could use a world-class registrar, yet a less than robust web hosting provider could still open the business up to hacking.
- Domain Registrars: Businesses should evaluate whether they are using domain registrars strong enough to meet their business needs. Many companies rely on consumer-grade registrars when they need to explore enterprise-grade alternatives.
- DNS Providers: Evaluate the best DNS provider for the organization. If the DNS is hacked, the company loses its email service, Voice over Internet Protocol (VoIP), and access to its VPN connections. With businesses working remotely and moving back to a hybrid model, protecting DNS is critical as it allows organizations to maintain an online presence and remain productive.
- SSL providers: Organizations tend to outsource the management of their SSL certificates. However, it is better to manage the certificates internally. Some 51% of Global 2000 companies admitted to not having an accurate accounting of their SSL certificates. By not properly managing their SSL certificates, organizations can lose the trust of their consumers because search engines will not recognize the domain as a secure platform.
- Domain monitoring: Don’t let cybercriminals create their own supply chain on behalf of the company, which they can then use to break into the real supply chain via harvested credentials. By registering a domain that uses the corporate brand, they are essentially creating a new supply chain to their chosen location.
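The domain-monitoring item above, as an added example that is not part of the original article: a small Python check that flags observed domain names confusingly similar to a brand. The brand `examplecorp`, the observed list, the homoglyph table and the distance threshold are constructed assumptions, and inputs are assumed to be registrable domains without subdomains.

```python
# Added example (not from the article); BRAND, OFFICIAL, OBSERVED are constructed.
BRAND = "examplecorp"
OFFICIAL = {"examplecorp.com"}
OBSERVED = ["examplecorp.com", "examp1ecorp.com", "exarnplecorp.net",
            "examplecorp-login.com", "examplecor.com", "example-corp.org",
            "unrelated-shop.org"]

# Look-alike substitutions folded to one canonical form before comparing.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))

def skeleton(label):
    """Lower-case, drop hyphens and fold look-alike characters."""
    s = label.lower().replace("-", "")
    for src, dst in HOMOGLYPHS:
        s = s.replace(src, dst)
    return s

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand=BRAND, official=OFFICIAL):
    """Return why a registrable domain resembles the brand, or None."""
    domain = domain.lower().rstrip(".")
    if domain in official:
        return None
    label = domain.split(".")[0]  # assumption: input has no subdomain part
    skel, target = skeleton(label), skeleton(brand)
    if skel == target:
        plain = label.replace("-", "") == brand
        return "name-variant" if plain else "homoglyph"
    if target in skel:
        return "brand-plus-keyword"
    return "typo" if edit_distance(skel, target) <= 1 else None

def scan(observed):
    """Map each suspicious domain to the reason it was flagged."""
    return {d: r for d in observed if (r := classify(d))}

if __name__ == "__main__":
    for name, reason in scan(OBSERVED).items():
        print(f"{reason:20} {name}")
```

In practice the observed list would come from a new-registration or certificate-transparency feed, and flagged names would go to review rather than automatic action.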
When companies use multiple third-party providers to manage their digital assets, they run the risk of forgetting which entity manages their domains, DNS, or SSL certificates. This in turn leads to an increased risk of mismanagement, including domain expiration, failed digital certificate replacement, and/or DNS outages. Businesses need to champion what’s outside the walls, not just inside. They must constantly stay on top of their digital assets and network security. Remember, this is a journey, not a destination.
Mark Flegg, Global Director of Security Services, CSC