{"id":8388,"date":"2019-12-10T08:49:47","date_gmt":"2019-12-10T13:49:47","guid":{"rendered":"https:\/\/www.cscdigitalbrand.services\/blog\/?p=8388"},"modified":"2019-12-11T12:11:36","modified_gmt":"2019-12-11T17:11:36","slug":"cyber-security-risk-postures","status":"publish","type":"post","link":"https:\/\/www.cscdbs.com\/blog\/cyber-security-risk-postures\/","title":{"rendered":"DNS, Domain Names, and Certificates: The Missing Links in Most Cyber Security Risk Postures"},"content":{"rendered":"\n

DNS, Domain Names, and Certificates: The Missing Links in Most Cyber Security Risk Postures<\/h3>\n\n\n\n<\/a>\n
By Vincent D’Angelo<\/strong>
Global Director Corporate Development and Strategic Alliances<\/i>

Share this post<\/strong> \n<\/a>\n<\/a>\n<\/a>\n\n\n\n

In 2019, we\u2019ve seen a surge in domain name system (DNS) hijacking attempts and have relayed warnings from the U.S. Cybersecurity and Infrastructure Agency, U.K.\u2019s Cybersecurity Centre, ICANN, and other notable security experts. Although, the topic has gained popularity amongst CIOs and CISOs, most companies are still overlooking important security blind spots when it comes to securing their digital assets outside the enterprise firewalls\u2014domains, DNS, digital certificates. <\/p>\n\n\n\n

In fact, most\norganizations, regardless of geographic location or industry, are exposed to\nthese risks. Our most recent Domain Name Security report<\/a> featuring insights from the\ndefense, media, and financial sectors illustrates the risk trends.<\/p>\n\n\n\n

  1. Do you know who your domain name\nregistrar is (the domain name management company that holds the keys to the\nkingdom)?<\/li>
  2. What do you know about your\ndomain name registrar\u2019s controls, security, policies and processes?<\/li><\/ol>\n\n\n\n

    I like to think of\nthis topic like the electricity that powers our homes<\/a>. Everyone expects their lights\nto work, but then, what happens when the power goes out? In the enterprise\nenvironment, domain names, DNS, and certificates are the lifeline to any internet-based\napplication including websites, email, apps, virtual private networks (VPNs), voice\nover IP (VoIP) and more. <\/p>\n\n\n\n

    Unfortunately, the\nsecurity of these critical digital assets is often overlooked because management\nresponsibilities are often split between legal and IP, marketing, IT and security,\nand third parties, like agencies and law firms. As a result, cyber criminals\nand state-sponsored actors are capitalizing on these vulnerabilities to launch\nsocial engineering attacks in an attempt to hijack an organization\u2019s entire web\npresence. Most of these attacks are occurring by targeting critical nodes, such\nas domain name registrars<\/a>, which can lead to:<\/p>\n\n\n\n