
How Prepared are CISOs for Domain-Based Cyber Threats?

Domain-related infrastructures are growing in size and complexity—but, without strong security measures in place, companies are left vulnerable to increasingly potent cyber risks. With just 7% of CISOs admitting they’re confident in their company’s ability to mitigate domain-based attacks, it’s crucial internal security teams start to raise their game.

Corporations, their partners, and customers are becoming ever more connected. It’s now effectively impossible for any sizeable business to operate without email gateways, websites, domain name system (DNS) names, web servers, and a host of other integrated communication ecosystems.

The challenge for organizations is that the number of online resources exposed to the outside world continues to proliferate. Vital digital infrastructure has become a relatively soft target open to attack by bad actors, either as one-off cyber attacks or as a gateway to launch further incursions such as phishing or ransomware.

To understand how chief information security officers (CISOs) are responding to such domain-based threats, we commissioned independent research among CISOs, chief information officers (CIOs), and other senior IT professionals globally for our CISO Outlook 2025 report.

Few respondents are on track to tackle domain-based attacks

When asked how confident they are in their company’s ability to mitigate domain attacks, CISOs responded as follows:

  • Just 7% say they’re very confident, adding their organization has robust tried-and-tested measures in place
  • 76% say they’re somewhat confident, stating they’ve taken key steps but recognize areas for improvement
  • 17% are neutral, telling us their firm has made some efforts so far, but there’s no strategy in place

The concern that only 7% of organizations feel fully prepared to handle domain-based attacks is amplified by their sentiment around how quickly they could take action to delete specific fraudulent domain assets. Fewer than a quarter of CISOs say they’re in an optimal position to take down this type of cyber threat.

  • 22% say they have the right tools and processes in place to react quickly and effectively to take down the threat
  • 59% have tools and processes in place, but say it’s a complex and time-consuming process to take down the threat
  • 15% have some processes in place, but their approach is not optimized to deal with cyber threats

Our study also found that three-quarters of respondents use a trusted DNS provider to manage digital threats targeting their attack surface and digital assets, but only half have developed and regularly test incident response plans, and half use an AI-based monitoring and enforcement solution.

What is the potential impact of domain-based attacks?

The lack of preparedness for domain-based attacks uncovered in our research highlights the vulnerability of company attack surfaces and digital assets. How many companies could operate with their email or web servers offline for even one day? Hackers often target domain names or websites with specific threat vectors such as cybersquatting or DNS cache poisoning. We’re seeing high volumes of such attacks already, and we expect them to grow drastically in 2025 as off-the-shelf tools and attack kits become more accessible.

Not only that, but domain-based incidents are seen as an easy entry point for attacks on corporate assets. We’re seeing more instances of hybrid or blended attacks. They may begin with a DNS attack that compromises a corporate website, then go on to transmit malware across the whole core platform, leading to a damaging distributed denial of service (DDoS) attack.

CISOs must ensure they’re building domain security into their overall security posture. Without domain security, criminals can redirect websites for financial gain, intercept email to conduct espionage, and even harvest credentials to breach organizations’ networks.

How can CSC help?

As the world’s leading corporate domain name registrar, CSC offers the most innovative, next-generation domain management and security solutions, coupled with online brand and fraud protection.

CSC is well placed to help enterprises in the domain security ecosystem. We provide a multi-layered cybersecurity approach that employs various security measures across different layers, including domains. DomainSec℠ is our new, comprehensive platform for domain security. Powered by a correlation engine and machine learning technology, it brings together a variety of data sets and blocking networks only available to CSC, enabling threat intelligence based on domain security insights.

Read our report to find out more.