Brian King, Head of Policy and Advocacy, Intellectual Property Group at Clarivate, explains the growing influence of domains, why security is the biggest challenge in domain management, and how organizations can secure their domains
There has been an increase in attacks on domains.
Since the introduction of the first top-level domains (TLDs) in the 1980s, there have been notable developments in the domain landscape. From the first .com domain, the privatization of the Domain Name System (DNS), and the creation of the Internet Corporation of Assigned Names and Numbers (ICANN), to the publication of new generic TLDs, domains have evolved over the beyond their original functional purpose, bringing the security challenge.
Domains as IP Assets
Domains today represent the digital storefronts of organizations and are essential to any brand’s online identity. The growing influence and importance of domains in organizations’ e-commerce strategies has led to domains being viewed as intellectual property (IP) assets. According to the World Intellectual Property Organization (WIPO), “Intellectual property assets are part of a company’s intangible property. They are legally protected… can be independently identified, are transferable and have an economic life”. Not only do domains meet the criteria of a WIPO IP asset, but a recent global survey by Clarivate of the views of top IT, legal and marketing decision makers on the role of domains in intellectual property and business revealed that 78% consider domains an important part of their intellectual property portfolio. .
The importance of domains as intellectual property assets is driving the growing involvement of legal departments in the management of domains. For example, legal expertise is often sought when analyzing a possible domain name purchase, with 49% using case law to support their analysis, according to data from Darts-ip.
The challenge of security in domain management
Although the legal teams have a role to play in managing the domain, this remains primarily the responsibility of the IT team. In reality, domains are not just IP assets, they are also IT assets that sit near the center of organizations security strategy. With a third of organizations (33%) reporting having experienced a targeted cyberattack on their domains in 2020, up from 23% in 2019 according to the same Clarivate survey, it’s no surprise that security is a key factor in managing domains .
In fact, more than half (56%) of organizations rate security as the biggest challenge when managing their domains. According to the European Union Agency for Cybersecurity (ENISA), cyberattacks continue to increase, as well as the number and sophistication of attack vectors, with malware, web attacks and phishing being the main threats . If domain names are not secure and properly managed, organizations can fall prey to cybercriminals in different ways. With brand reputation, customer trust, and revenue at stake, domain security should be a serious consideration, alongside other elements of cybersecurity.
The main drivers of digital transformation in retail
As retail increasingly focuses on digital transformation, Brainvire Associate Editor Freya Jacob discusses the key drivers of this process. Read here
Impact of increased volume and diversity of domain portfolios
Previously, domain management was simply selecting and registering a domain that reflected the name of the organization, then protecting it. This may still be the case for small organizations, but it has become much more complex for larger organizations.
For large organizations operating globally, domain strategies can range from registering and managing subdomains, variant names and domains for campaigns, to regional domains and defensive registrations. Organizations’ domain portfolios are growing in size. The number of organizations with 250-500 domains nearly doubled from 9% in 2019 to 17% in 2020. Similarly, the volume of organizations with 501-1,000 domains increased to 14% in 2020 from 8% in 2019.
These burgeoning portfolios typically contain a proportion of inactive domains, purchased for defensive or competitive reasons. Organizations rarely use these defensive domains, but may redirect them to their main websites. Whether used or not, defensive domain names can present security risks such as domain name server compromise and email spoofing if misconfigured and not properly managed. secure way.
Another aspect of overall domain portfolio management that may be overlooked is the need to understand each country’s domain eligibility and requirements. For example, .de and .ca have different rules about domain eligibility and compliance. Partnering with a domain name registrar with both global reach and local knowledge is key to ensuring that an organization’s domain names are managed securely and in compliance with respective national rules.
Common approaches to securing domains include two-factor authentication, single sign-on, name server monitoring, and registry locking.
Registry locking, in particular, has become increasingly popular, with 39% of survey respondents in 2020 using the feature, up from 28% in 2019. enterprise, registry locking freezes all domain transactions at the registry level until the correct high-security protocol is followed as specified by the registry and registrar. Combined with an additional lock down at the registrar level where a specific protocol must be followed between client and registrar, this means there is an additional layer of security to guard against cyberattacks such as faulty nameserver updates, hijackings, and social engineering attacks. Registry locking is becoming an increasingly valuable security feature and an ever-increasing number of registries continue to introduce this feature.
High-profile domain name server compromise incidents have also served to reinforce the importance of securing domain name servers. The best enterprise registrars continuously monitor and test for security threats and code vulnerabilities both within the domain management portal and in the various domain registries.
What to know about user authentication and cybersecurity
The number of cyberattacks caused by the hijacking of online retailer accounts remains high, so how can user authentication be improved? Read here
A partnership for peace of mind in domain security
Today’s increasingly digital society and economy provides organizations with greater opportunities to connect and do business with their target audiences. However, businesses face heightened risks, ranging from cyberattacks to intellectual property infringement and fraud, which could lead to lost revenue, loss of brand reputation and erosion of customer trust.
Rather than relying exclusively on internal resources, organizations should consider partnering with a domain management provider that has the technology, expertise, and support to help them manage the complexity of domain management and security.