Every business depends on a series of suppliers and vendors. These relationships form supply chains that have become increasingly complex, leaving organizations exposed to more risks.
Research shows that phishing and related malware attacks most commonly originate from a compromised or hijacked legitimate domain name, a maliciously registered and confusingly similar domain name, or email spoofing. The era of relying purely on a secure firewall for protection has passed, as cyber criminals have long since adjusted their attack strategy.
Businesses should still focus on hackers breaking in, but should also turn their attention to other supply chain services, just as cyber criminals have. Paradise for hackers now lies outside the firewalls. They have redirected their attacks to harvest data through the gaps in external digital assets. With outsourced domain management, cyber criminals are attacking supply chains.
Outside the firewall lie a company’s digital assets, including domains, the domain name system (DNS), and digital certificates. These are fundamental building blocks that a business uses to communicate with clients, each other, and its internal networks. With DNS infrastructure sitting outside the firewall, cyber criminals are hijacking the company's online presence and web traffic, and impersonating businesses to trick clients and staff into sharing valuable and confidential information, which lets them further infiltrate the network. After gaining control of DNS, they control all of a company’s websites and no longer need to break in; they only need to redirect traffic to harvest data.
With the uptick in criminal activity, DNS sales have increased accordingly. As companies evaluate what to do with their DNS, here are three steps they should consider before getting their domain online.
- Evaluate all business partners and vendors.
Organizations should conduct a yearly security review of the companies they work with. An annual security audit gives organizations insight into how those companies are maturing, developing, and adjusting. Vulnerabilities are constantly being discovered, and this evaluation ensures those companies are adapting to emerging threats each year and gives the organization an understanding of their methods of patching vulnerabilities.
- Build out a roadmap.
Understand the organizations the company does business with and what that supply chain looks like. It will be important to map out all the players involved and determine where the potential disruptions or attacks could take place.
- Know the assets that are a part of the roadmap.
Here are a few important components that security teams should consider a part of the roadmap:
- Web hosting providers: Organizations typically outsource the web hosting function, but it's important to ask third-party providers security questions to understand whether they are secure. A company could use a world-class registrar, yet a less than robust web hosting provider could still open the company to a hijacking.
- Domain registrars: Companies should evaluate whether they are using domain registrars that are strong enough for their enterprise needs. Many companies rely on consumer-grade registrars when they should explore enterprise-grade alternatives.
- DNS providers: Evaluate the best DNS provider for the organization. If the DNS gets hijacked, the company loses its email, voice over internet protocol (VoIP) service and access to its VPN connections. With companies working remotely and transitioning back to a hybrid model, it’s critical to protect the DNS as it lets organizations maintain an online presence and stay productive.
- SSL providers: Organizations tend to outsource the management of their SSL certificates. However, it’s better to manage the certificates internally. Some 51% of Global 2000 companies have admitted to not having an accurate accounting of their SSL certificates. By not properly managing their SSL certificates, organizations may lose their consumers’ trust because search engines will not recognize the domain as a secure platform.
- Domain monitoring: Don’t let cyber criminals create their own supply chain in the company’s name, which they can then use to penetrate the real supply chain via harvested credentials. By registering a domain using the company’s brand, they are essentially creating a new supply chain back to a location of their choice.
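
One way to act on the domain monitoring item above, as an added example that is not from the original article or from CSC: a Python check that classifies newly observed domain names against a brand label so confusingly similar registrations can be reviewed. The brand `examplecorp`, the owned-domain set, the substitution table, and the sample feed are constructed assumptions.

```python
from typing import Optional

# Assumed look-alike substitutions, folded back to the letter they imitate.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(label: str) -> str:
    """Lower-case a label, drop hyphens, fold look-alike characters (ASCII only)."""
    s = label.lower().replace("-", "")
    for fake, real in CONFUSABLES.items():
        s = s.replace(fake, real)
    return s

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: an adjacent swap counts as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(domain: str, brand: str, owned: set) -> Optional[str]:
    """Return why a domain resembles the brand, or None if it does not."""
    domain = domain.lower().rstrip(".")
    if any(domain == o or domain.endswith("." + o) for o in owned):
        return None                          # the company's own domain or subdomain
    target = skeleton(brand)
    for label in domain.split(".")[:-1]:     # every label except the TLD
        sk = skeleton(label)
        if label == brand:
            return "exact-brand"             # brand registered under another TLD
        if sk == target:
            return "lookalike"               # differs only by hyphens or confusables
        if edit_distance(sk, target) <= 1:
            return "typo"                    # one insert, delete, substitute or swap
        if target in sk:
            return "embedded"                # brand plus extra words
    return None

def scan(feed, brand, owned):
    """Map each suspicious domain in the feed to the reason it was flagged."""
    return {d: r for d in feed if (r := classify(d, brand, owned))}

if __name__ == "__main__":
    # Constructed sample feed of newly observed domain names.
    feed = ["examplecorp.net", "examp1ecorp.com", "exmaplecorp.com",
            "examplecorp-login.com", "mail.examplecorp.com", "gardenexamples.org"]
    print(scan(feed, "examplecorp", {"examplecorp.com"}))
```

The fixed edit-distance threshold of 1 suits a brand label of this length; a very short brand would need exact and confusable matching only, since almost any short label falls within one edit of another.
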
When companies use multiple third-party vendors to maintain their digital assets, they run the risk of forgetting which entity manages their domains, DNS, or SSL certificates. This in turn leads to increased risk from poor management that includes the domain expiring, failing to replace a digital certificate, and/or DNS outages. Businesses must defend what’s outside the walls, not just inside. They need to continuously stay on top of their digital assets and the security of their network. Remember, it’s a journey, not a destination.
Mark Flegg, global director of security services, CSC