By Alban Kwan, regional director | East Asia
Vint Cerf, one of the “fathers of the internet,” said in an article he published in September 2019: “Today, hackers routinely break into online accounts and divert users to fake or compromised websites. We constantly need to create new security measures to address them. To date, much of the internet security innovation we’ve seen revolves around verifying and securing the identities of people and organizations online.”
According to Vint, internet identity is a core issue in cyber security, and this seems to be a topic that is rarely discussed in cyber security circles. Why is such an important concept not drawing more attention? I believe one of the reasons is that internet identity is not clearly defined, and the concept goes beyond the technical aspects of networking and into the realm of intellectual property and branding.
So, what is internet identity? To answer this, I refer to another term that might be easier to comprehend—digital assets. Digital assets are the properties that help establish an online presence and identify who each of us is when connecting with others on the internet. Companies don’t exist online without these assets, such as domain names, the domain name system (DNS), email addresses, mobile apps, or social media handles. Digital assets are part of an organization’s intellectual property and are used actively by internal and external stakeholders for communication, making them critical property from cyber security and online marketing perspectives.
If Vint is right, digital assets or internet identity are critical to an organization’s digital success. There are many articles and best practices shared on digital asset management, but this article will discuss the trends of digital asset management after the COVID-19 pandemic.
1. Rise of desktop use and internet conferencing
Recent research by Mozilla® finds a significant increase in the use of desktop computers, which is possibly because of the social distancing measures implemented around the world. With most employees confined at home for work, the desktop is the primary tool for work, information, and entertainment, with less reliance on mobile devices, which were much easier to use when people were on the move and traveling.
At least in the short term, there is an observed decrease in mobile phone and mobile internet use. According to a New York Times article, “The Virus Changed the Way We Internet,” popular entertainment and social media brands see an increase in website use over their mobile apps.
|Brand||Increase in daily traffic on .COM websites||Increase in daily traffic on mobile apps|
In the long term, we expect that internet conferencing will be here to stay as a means to conduct business. Many organizations have realized that not all meetings need a physical congregation—the virtual meetings during stay-home restrictions have also highlighted that while physical meetings can be reduced, human nature still demands face-to-face interaction, even if it’s through a video call. Furthermore, many companies would have already invested in the mobile working environment, and with the likely economic downturn, internet conferencing allows for greater cost control.
There will be two key impacts on digital asset management:
First, regardless of desktop or mobile use, the use of the internet is on the rise, and the basic infrastructure of how a brand exists and connects to users on the internet, i.e., digital assets, will become even more critical to businesses.
With the proliferation of smart phones and devices, there have been misconceptions among companies relating to digital assets. One is that since there’s an increasing trend of mobile internet use, apps are king and nothing else matters—that typing a domain name into a browser is a relic of the .COM age, and a website and its associated domain portfolio can be dropped. This could not be further from the truth. The internet uses IP addresses, domain names, and DNS to connect a company to its customers, and this is consistent whether the access is by mobile or desktop. To say the least, most mobile apps use domain names and DNS, and there is a trend of developing mobile apps using HTML5—which is a programming language for websites.
This reliance on digital assets for mobile app development, in addition to the current trend of increasing desktop use, should also serve as a reminder to companies not to neglect their web properties, and that digital assets such as domain names and DNS remain critical for continued presence on the internet.
Secondly, the more we rely on the internet, the more we should invest in its security. The proliferation of online conferencing will complicate cyber security, as it opens yet another channel to a cyber attack. Globally, we have seen a huge increase in the use of Microsoft Teams and Zoom, with the latter coming under attack in what is now known as “Zoom-bombings.” Zoom-bombings are when complete strangers intrude on video conferencing sessions. Some organizations may restrict adding contacts from outside the organization, but eventually, there’s a possibility that online conferencing could supplement telephone calls, emails, or chat support as it has in China. In China, companies have been using WeChat, DingTalk, or Lark for business communication, most times even replacing the humble email. It’s been so popular that conference attendees in China will not exchange business cards but add each other on WeChat. Customers will likely continue to demand instant and interactive service, and this trend towards online conferencing may prove inevitable.
Online conferencing and instant communication tools add to security risk, as there are few ways to validate the user on the other end, and they’re usually built for open social communication. For instance, a random user with an ill-gotten meeting link and password could easily pass as a legitimate contact on a conference call by impersonating someone else. With email, by contrast, the domain name of the email address, i.e., @truecompany.com, can be used as identity validation, and protocols such as domain-based message authentication, reporting, and conformance (DMARC) and sender policy framework (SPF) prevent spoofing. However, WeChat, Teams, and Zoom identifications provide little assurance of user authentication on the other end. Personally, my contact list on WeChat is full of contacts who may have changed company or whose mobile phone has been stolen, and I have also received chat invitations from unknown contacts who have added my number, mistaking me for the previous owner of the phone number that has been recycled.
It’s easier to trick employees with fake or similar-looking identifications on these platforms where a fraudster might be invited to a business conversation sharing sensitive data, or access rights might be shared. A fraudster could also pretend to represent your company and phish your customers.
There have been many types of phishing and social engineering scams occurring on Chinese business communication tools, and malicious actors will look for whatever they can abuse, including Teams and Zoom, if proven to be valuable. As with the corporate email address, WeChat or Zoom identifications may be included in the digital assets portfolio that organizations need to actively manage. Regardless of how this trend develops, this speaks to the importance of the core principle of digital asset management—it’s critical to have the right accounting and management of what you own and what identifies you, as only then can you distinguish what’s fake.
2. Exploitation of the DNS
In an article I’ve written on the security blind spots in business continuity plan implementation, I addressed the risk of virtual private network (VPN) and DNS hijacking during COVID-19. In a post-COVID world, such risk is likely to continue, and it may also take another form.
Many organizations may now be more comfortable with remote working arrangements, and have a VPN setup or remote working policy established. That means organizations may continue to allow work from home and other flexible working arrangements. However, not all organizations have considered the additional cyber security risks for remote working environments, and their infrastructures are still designed for centralized access.
Such arrangements expose organizations, and especially executives and employees with high access permission, to hijacking attacks targeting the weakest spot of the chain—home routers and DNS. Reports have already surfaced that hackers have started to exploit home routers and use “DNS hijacking to redirect users to a web page that offers a Covid-19 informational app download.” This technique can be used to launch various attacks, because it redirects users and can inject any information or malware.
Companies need to ensure that when executives, partners, or clients try to access organization information, they’re not going to be misdirected to malicious content. Companies should fortify two areas: 1. The authoritative DNS server and 2. The information provided through the recursive DNS network (i.e., the ISP).
A company’s authoritative DNS server controls the location of all online services. It can be hijacked in two ways: either the nameserver record is changed at the registrar, or the DNS zone record is changed on your DNS host. Either way, hackers can redirect everyone accessing a company’s online services anywhere they want. This is an extremely powerful attack that happens outside the firewall. The infamous DNSpionage campaign and Brazilian bank heist serve as a warning.
The location of servers is also saved by various ISPs and routers through their recursive DNS. This architecture is designed to improve DNS resolution speed and redundancy. However, this is also a primary way to tamper with DNS records, because a company has no control over recursive servers, and there are just too many intermediaries. There’s bound to be one party that has weak security.
Once hackers gain control of any recursive DNS, including the home router, they are able to tamper with where CompanyBrand.com (key domain), vpn.CompanyBrand.com (VPN server), or MX.CompanyBrand.com (email server) points to. All these attacks happen even before traffic reaches a firewall, and thus must be prevented outside the firewall.
To avoid this situation, organizations should implement DNS Security Extensions (DNSSEC), which provide “cryptographic authentication of DNS data and data integrity.” It’s proposed by The Internet Corporation for Assigned Names and Numbers (ICANN) and leading security experts as one of the key methods to prevent DNS hijacking. Although DNSSEC is not the “be all, end all” solution to DNS security, as it doesn’t encrypt the DNS data, it’s a critical security control. It’s the only protocol available to ensure the integrity of DNS data, i.e., users can be sure that the website address (the A record) they obtained from any recursive DNS server is the same as what the company published.
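The two layers described above, authoritative and recursive, can be told apart by comparing answers seen through several resolvers against the inventory of what the company published. The following is an added example, not code from the original article; the hostnames, resolver labels, addresses and the "all paths versus some paths" heuristic are assumptions, and the observations are constructed.

```python
# Constructed data: hostnames, resolver labels and addresses are hypothetical
# (documentation ranges); nothing here comes from the article.
BASELINE = {  # inventory of what the company actually published
    ("companybrand.com", "A"): {"192.0.2.10"},
    ("vpn.companybrand.com", "A"): {"192.0.2.20"},
    ("companybrand.com", "MX"): {"mx.companybrand.com"},
}
ROGUE_MX = {"mail.unknown-host.example"}

# (resolver, name, type, answers, AD). AD is the DNS "Authenticated Data" flag
# a validating resolver sets when the DNSSEC signatures checked out.
OBSERVATIONS = [
    ("public-resolver", "companybrand.com", "A", {"192.0.2.10"}, True),
    ("isp-resolver", "companybrand.com", "A", {"192.0.2.10"}, True),
    ("home-router", "companybrand.com", "A", {"192.0.2.10"}, False),
    ("public-resolver", "vpn.companybrand.com", "A", {"192.0.2.20"}, True),
    ("isp-resolver", "vpn.companybrand.com", "A", {"192.0.2.20"}, True),
    ("home-router", "vpn.companybrand.com", "A", {"203.0.113.66"}, False),
    ("public-resolver", "companybrand.com", "MX", ROGUE_MX, True),
    ("isp-resolver", "companybrand.com", "MX", ROGUE_MX, True),
    ("home-router", "companybrand.com", "MX", ROGUE_MX, False),
]


def audit(baseline, observations):
    """Map each deviating (name, type) to (suspected layer, resolvers involved)."""
    by_record = {}
    for resolver, name, rtype, answers, ad in observations:
        by_record.setdefault((name, rtype), []).append((resolver, answers, ad))
    findings = {}
    for key, seen in by_record.items():
        allowed = baseline.get(key, set())  # unknown records never match
        wrong = sorted(r for r, answers, _ in seen if not answers <= allowed)
        no_ad = sorted(r for r, _, ad in seen if not ad)
        if wrong and len(wrong) == len(seen):
            # Every path sees the change: registrar or DNS host was altered.
            findings[key] = ("authoritative", wrong)
        elif wrong:
            # Only some paths differ: a recursive resolver or router on them.
            findings[key] = ("recursive", wrong)
        elif no_ad:
            # Answer matches, but this path did no DNSSEC validation.
            findings[key] = ("unvalidated", no_ad)
    return findings


if __name__ == "__main__":
    for (name, rtype), (layer, resolvers) in audit(BASELINE, OBSERVATIONS).items():
        print(f"{name} {rtype}: {layer} via {', '.join(resolvers)}")
```

In this constructed data the altered MX answer still carries AD at two resolvers, as it would if the record were changed and re-signed at the DNS host; the inventory comparison is what catches it.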
3. De-globalization leads to higher preference for local content
Another possible trend that might affect digital asset management is de-globalization. Populism and de-globalization are forces that have been affecting the world in the past few years and have possibly been accelerated by the COVID-19 pandemic. Both trends lead to a stronger national sentiment and preference for local goods and services. This local preference may influence the online world and how corporations use their digital assets to communicate with clients.
For instance, there has long been a trend to establish a centralized global website by global corporations using a .COM. Even for local businesses, some may prefer to use a .COM domain to signify that they are a bigger business or aspiring global business—a possible reflection of a globalized and interconnected world.
In recent years, the paradigm of a single .COM global website is challenged by increasing national internet policies that may result in companies establishing different sites to remain compliant in different jurisdictions. De-globalization may extend such challenges beyond policy fragmentation into commercial preferences. Consumers may prefer buying local, and if this is indeed a social trend, there might be a stronger need for large global organizations to localize, and put more emphasis on local content and even use country-code top-level domains (ccTLDs) to better identify with the local audience. So instead of having their ccTLD redirect to the .COM domain, a localized redirection strategy where the .COM redirects to respective ccTLDs through geo-redirection may yield greater consumer approval.
Digital assets are one of the key identifiers for organizations in the online world. They form a complex link between IT, intellectual property, and branding, and they could have a profound impact from a cyber security perspective. CSC has provided some observations on how digital asset management might change in the post-COVID-19 world, and shown how the management of these assets is linked to the exploitation seen in various security incidents. The management of digital assets is critical for the online operation of a business and demands senior-level oversight.