RESOURCES AND NEWS

CSC Security Center

Putting security first for critical online brand assets.

For companies that need to be aware of and mitigate cyber risks not contained by their traditional firewall solutions.

REGISTRATION OPEN

CSC Security Center — What It Can Do for You

Join us for our Industry Update webinar, where we spend 30 minutes on the latest news in domain management & security, brand protection, and fraud protection.

Why Domains are Essential for Cybersecurity

Join our webinar where we will explain why domain names are an integral part of an organization's cybersecurity and what happens when they are compromised.

COVID-19 and the Rise in Online Brand Abuse

Healthcare Global May 18, 2021

New research carried out by CSC Digital Brand Services, an online brand security company, has identified 325k domains that conduct malicious activities and enable brand abuse, 68% of which were related to COVID-19 treatment, testing and tracking. Chief technology officer Ihab Shraim tells us what this means for the healthcare sector.

Avoid Being a Headline: Not all Domain Registrars are Created Equal

InfoSecurity Magazine May 11, 2021

The SolarWinds and Microsoft Exchange cyber-attacks have shown the importance of vetting third-party technology, operational processes and security controls in order to identify and mitigate supply chain risk. Choosing a domain name registrar is such a vital decision because of the many security risks in the domain and DNS ecosystem such as phishing threats or brand infringements.

Industry Updates – To Block or Not to Block? Best Practices for Domain Blocking Strategies

Join us for our Industry Update webinar, where we spend 30 minutes on the latest news in domain management & security, brand protection, and fraud protection.

“It’s always DNS!”

“It’s always DNS!” is a popular meme among system administrators. Find out why DNS is the biggest single point of failure in the new norm, and why companies need to reevaluate the concept of cyber security from network security to inter-network security.

Domain Name Security Neglected by U.S. Energy Companies: Report

Security Week April 15, 2021

A majority of the largest energy companies in the United States appear to have neglected the security of their domain names, according to CSC, a firm that specializes in securing online assets. The Biden administration is concerned about potentially damaging cyberattacks aimed at the country’s critical infrastructure, and it’s taking steps to help electric utilities, water treatment plants and other industries protect their systems. Data collected by CSC last week shows that nearly 80 percent of the top U.S. energy organizations are at risk of cyberattacks targeting their DNS and internet domain names.

Automated Digital Certificate Management - Getting it Right

Join us for this webinar, where CA/B Forum members Nick France and Tim Callan of Sectigo will join CSC product director for security services, Mark Flegg, to discuss the latest updates on digital certificate renewals.

ICANN 70: Insights from the Virtual Meeting

Join our upcoming webinar, which gives a recap of the recent ICANN 70 Virtual Meeting.

Online fraud — How to Stay Ahead

Join us for our Industry Update webinar, where we spend 30 minutes on the latest news in domain management & security, brand protection, and fraud protection.

Risks from Spoofed Domains are Different but Still Problematic

Loss Prevention Magazine March 18, 2021

One of the industry’s leaders in the fight against counterfeit products noted a shift in how fake goods are primarily marketed to customers, from misspelled domains to online marketplaces and, increasingly, social media.

Making the Platform Relationship Win-Win

The relationship between brands and eCommerce platforms is one that can be both combative and collaborative.

Calculating Your Return on Investment with Brand Protection Solutions

Join us for our Industry Update webinar, where we’ll spend 30 minutes on the latest news in domain management and security, brand protection, and fraud protection.

#SaferInternetDay: How Online Users Can Detect Misinformation

Infosecurity February 9, 2021

Misinformation is an issue that has come firmly to the fore over recent years, fuelled by increased access to the internet throughout the world. Elliott Champion, leader of brand and fraud divisions at CSC, explained: “[Given] the ongoing COVID-19 pandemic, misinformation is being used to take personal credentials and money. Misinformation around COVID-19 treatments, events, related news, (fake) tracking apps, vaccinations, monetary relief schemes, charity drives or donations have become widespread.”

Why Companies Will Need Better Intelligence and Security To Prosper in 2021

APAC CIO Outlook February 8, 2021

As the world continues to grapple with the effects of COVID-19, we predict that companies will continue to find ways to adjust to the situation they are faced with—to explore new channels of revenue, connect with their employees and customers, and address a growing need to tighten on cyber security and online brand protection.

Why Domain Names are Central to your Cyber Security

Join us for our Industry Update webinar, where we’ll spend 30 minutes on the latest news in domain management and security, brand protection, and fraud protection.

Protecting your Brand Against the Increasing Threats of Online Fraud

In our first webinar of 2021, we’ll delve into the outcomes of 2020’s marked increase in online fraud from cyber criminals, who took advantage of our increased reliance on the internet due to COVID-19 restrictions.

Holiday Shopping and eCommerce Digital Threats

In our December session, we’ll be looking at the results of some recent research by CSC on the digital threats to companies and consumers associated with holiday shopping and eCommerce.

CSC Domain Name Lapse Policy: Stop – Review – Action

While many companies spend time reviewing the domain names they wish to lapse, they don’t always have all the information to make a truly informed decision. At CSC, it’s our responsibility to make sure you understand your options and potential security threats.

ICANN 69 – Insights from the Virtual Meeting

The session will share highlights of important industry policy developments that will affect your online domain name, brand protection, and cyber security strategies in 2020 and beyond.

Protecting your Company from Social Engineering Attacks

Social engineering scams are some of the trickiest phishing attacks to identify. But what is social engineering, how does it manifest itself, and what are the key characteristics to look out for?

New CSC research finds over 90% of website linked to Donald Trump and Joe Biden campaigns at risk for potential redirection, disinformation, and data theft

Journal of Cyber Policy October 9, 2020

CSC, a world leader in business, legal, tax, and domain security, today released new research from their Digital Brand Services (DBS) division that reveals areas of risk for prominent election-related websites. The research indicates that web domains closely linked to the campaign websites for Joe Biden and Donald Trump lack basic domain security protocols and are being targeted for disinformation activities such as domain spoofing, and threats including domain name and domain name system (DNS) hijacking, and phishing.

Over 90% of domains linked to Trump, Biden websites vulnerable to cyberattacks: study

Israel Defense October 12, 2020

The vast majority of web domains closely linked to the presidential campaign websites for Donald Trump and Joe Biden lack basic domain security protocols and are at risk of potential disinformation activities and data theft, according to findings released Thursday. The research by US-based digital asset security company CSC found that over 90% of these web properties are not using registry locks to protect their domains from domain and DNS hijacking that can lead to phishing attacks, network breaches, and email compromise.

Most domains linked to US election vulnerable

Technology Decisions October 12, 2020

Over 90% of web domains associated with the presidential election campaigns of Donald Trump and Joe Biden are not using registry locks to protect their domains from domain and DNS hijacking, research suggests. The research from CSC’s Digital Branch Services division found that web domains closely linked to the campaign websites for Joe Biden and Donald Trump lack basic domain security protocols.

Presidential candidate domain traffic at risk of phishing scams, highlighting need for brands to review vulnerabilities

World Trademark Review October 8, 2020

Over 90% of domains associated with the U.S. presidential election candidates are at risk of potential redirection, disinformation and data theft reveals new research from domain management service CSC. Both Joe Biden and Donald Trump’s websites were identified as risk centers for outgoing and referral domains that were vulnerable to attack. The findings are a reminder that brand owners need to act quickly to ensure that their domains are truly secure.

US Election-Related Websites Vulnerable to Fraud, Abuse

Dark Reading October 8, 2020

The vast majority of websites that link to joebiden.com and donaldjtrump.com do not use basic DNS security controls, new research shows. In August, CSC's Digital Brand Services division identified 988 outgoing and referral domains that link to the two presidential campaign sites – and found more than 90% of them do not use registry locks, says Mark Calandra, executive vice president of CSC DBS. These type of sites include major U.S. news outlets, political sites, and donation-driven pages.

Best Practices for Managing Digital Asset Security

Join us for our monthly Industry Update webinar, where we spend 30 minutes on the latest news in Domain Management & Security, Brand Protection, and Fraud Protection.

New CSC Research Finds Over 90% of Websites Linked to Donald Trump and Joe Biden Campaigns at Risk for Potential Redirection, Disinformation, and Data Theft

Due to the sensitivity and importance of the U.S. election process, domain security remains a major vulnerability for the potential of foreign interference, fraud, and misinformation. Nearly 70% of misspelled domains are configured to send and receive emails, which can be used to lure donors to phishing sites.

Dot Brand Insights: October 2020

In our October 2020 Dot Brand Insights Report, we report on a distinct uptick in the activity surrounding .BRANDs, ranging from the manufacturing, pharmaceutical, and internet services, to enterprise products and services sectors—sectors that got a big increase in business activity through Q3 2020 despite the COVID-19 pandemic.

Mergers and Acquisitions: Taking Care of Digital Brands During Entity Consolidation

Your company has acquired another entity or merged with one. Congratulations! This best practice guide will help you understand the challenges of merging digital assets and how to secure them by highlighting important steps to consider and apply.

Domain Security Best Practices for Australian Corporations

Australia is now in a heightened state of cybersecurity. Together with our guest speakers Bruce Tonkin, COO of .AU Domain Administration Limited (auDA), and Ram Mohan, COO of Afilias, we’ll discuss domain security—the cornerstone of preventing cyber threats, such as domain name system (DNS) hijacking.

Safe domain: How to protect your enterprise from DNS hijacking

Help Net Security September 1, 2020

In August 2019, cybersecurity researchers revealed that a hacker group known as  Sea Turtle targeted 40 telecoms, internet service providers, domain registrars and government organizations in the Middle East and North Africa. The attackers hijacked the domain names of ministries of foreign affairs, intelligence/military agencies and energy-related groups in those regions. As a result, Sea Turtle was able to intercept all internet data – including email and web traffic – sent to the victims.

Why 83 Percent of Large Companies Are Vulnerable to This Basic Domain Hack

Inc. June 25, 2020

A recent study shows that companies can't defend against potentially catastrophic domain name hijacks.  The study, released earlier this month by international business firm CSC, found that 83 percent of organizations surveyed haven't implemented baseline security measures like domain name registry locks, which help prevent domain name hijacking and/or unauthorized transfers..

83% of Global Enterprises Do Not Have Basic Domain Security Measures

CISO Magazine June 19, 2020

Latest research from domain security provider CSC revealed that security gaps in enterprise domain security procedures expose organizations’ networks to cyber risks and vulnerabilities such as domain name system (DNS) hijacking, data fraud, and phishing attacks.

83% of Forbes 2000 Companies' Web Domains Are Poorly Protected

Help Net Security June 18, 2020

There are significant shortfalls in enterprise domain security practices, putting organizations' internet-facing digital assets at risk to threats, including domain name and DNS hijacking, phishing, and other fraudulent activity.

Most Forbes Global 2000 Companies Lack Basic Domain Security

Security Boulevard June 18, 2020

Most Forbes Global 2000 organizations don’t have even basic domain security in place, leaving them open to attacks with potentially devastating consequences, according to a report from CSC Digital Brand Services (DBS). Forbes Global 2000 companies don’t take domain security seriously, and proof is in the 2020 Domain Security Report: Forbes Global 2000 Companies underlines just how big a problem it actually is.

World's Largest Public Companies Lack Basic Domain Security Protections, Report

MSSP Alert June 17, 2020

Over 80% of the world’s largest public companies failed to adopt basic domain security measures.

83% of Forbes 2000 Companies' Web Domains Are Poorly Protected

Dark Reading June 16, 2020

Only a handful have controls against domain-name hijacking, DNS modifications, and other threats, a new CSC study finds.

Cyber Security Beyond the Firewall – DNS

What is the domain name system (DNS) ecosystem and what are its vulnerabilities? How can companies mitigate threats to DNS? Keynote speaker, David Conrad, CTO of ICANN, and speakers from the industry discuss DNS hijacking, and how to evaluate current security measures against these kinds of attacks.

How to protect your organization's domain from security threats

Tech Republic June 16, 2020

Your organization's public-facing domain is often as important and critical a resource as are your internal files, data, and network. And just as you protect your internal infrastructure from cyberthreats, so too do you need to protect your domain.

CSC on The CyberWire Daily Podcast

This week, CSC’s executive vice president, Mark Calandra, featured in The CyberWire Daily Podcast with David Bittner, speaks about insights from our 2020 Domain Security Report.

Online Brand Abuse in APAC: The Landscape and Its Solutions

The Asia-Pacific region is an important market, but it’s fraught with problems for brand owners. Learn about fraud trends in APAC markets, key platforms of brand abuse, and how monitoring and enforcing trademarks can help.

CSC Becomes First Foreign-Owned Company to Receive Domain Registrar License in China

Accreditation enables organization to provide domain registration and management services to local and global companies doing business in China.

Dot Brand Insights: June 2020

In our June 2020 Dot Brand Insights Report, we look into the increase in .BRAND domains being used by brand owners to communicate important messaging to their customers, investors, and employees in light of the COVID-19 global pandemic.

Domain Security Blind Spots Put Global Enterprises at Serious Risk According to New Research from CSC’s Digital Brand Services Division

New research shows information technology and media and entertainment sectors take the most sophisticated approach to domain security while materials and real estate industries are most susceptible to attacks.

Domain Security Report

In this report, we analyze the domain name security posture of the Forbes Global 2000 that reveals 83% are at greater risk of domain name hijacking because they have not adopted basic domain security measures like the registry lock protocol. Find out which industries and regions fare better in their security posture against global adoption benchmarks.

Domain Security Checklist

While companies are making significant investments to improve their security posture and reduce risk, many are still exposed to security blind spots when it comes to proactively and securely managing some of the most fundamental internet assets that allow them to conduct business—unsecure domain names, DNS, and digital certificates.

Digital Asset Security: Back to Basics

Worldwide, cyber attacks and data breaches are coming from all directions. They're on the rise, making it harder to secure an online brand.

So how can you manage today's risks? Get back to the basics of digital asset security.

6 Ways to Strengthen DNS Security

At the inception of the internet and domain name system—aka, DNS—only education organizations and government bodies were online. Back then, trust was assumed and security wasn't even a thought. But today with the world online, DNS is one of the most regular targets of cyber criminals.

The Case for a Secondary DNS Service

Enterprise security was previously focused on protecting the online perimeter (i.e., the network border). Blocking malware and bad agents from entering the network meant protecting your data and your business.

DNS Hijacking: Recent Events and Recommendations

Businesses have invested in security solutions at an exponential rate to protect their organizations from cyber threats. Yet, many companies remain exposed to what security experts are now referring to as critically important security blind spots.

Dot Brand Insights: February 2020

In our February 2020 Dot Brand Insights Report, our experts look at the increase in the number of .BRAND domain name registrations and the steady climb of domains under management (DUM)—including what industry is responsible for a 200% DUM count.

Beyond the Firewall: Implementing DNS Defenses to Mitigate Online Vulnerabilities and Threats

DNS forms the underlying infrastructure for how the internet works, serving as a directory to point users to the right web content. When DNS goes down, websites, email, voice-over IP, and remote employee login goes down with it.

The 3 Most Detrimental Cyber Attacks and How to Stop Them

Cyber attacks. They happen every day and affect everyone from companies down to consumers. Many companies aren't yet doing enough to protect their brand and their customers—and it's easier than you think. Putting a few key security measures in place can help with cyber attack prevention. Sometimes, even before they hit the inbox.

In this report, we talked to our chief information security officer, Scott Plichta, to get the inside scoop on the three most detrimental cyber attacks and how to stop them.

10 Steps to Tackling Online Counterfeiting

In an interactive guide, we've identified 10 best practices that can help you tackle online counterfeiting. From understanding your critical business drivers—like revenue and reputation—to identifying what channels to monitor, and choosing your targets.

Cyber Security Report: October 2019

In our October 2019 edition of the CSC Cyber Security Report, we take an in-depth look at the contractors of public actors in the defense industry globally and the waves of attacks that are hitting these agencies and causing security breaches. affecting national security and the well-being of citizens.

Cyber Security Report: June 2019

Securing a company's digital infrastructure has become a major concern to corporations worldwide.

Recent CSC research focuses on the media industry, revealing that 78% of global media brands use a corporate domain registrar, yet only 37% of those have a registry lock to protect their DNS from hijacking.

Developing and Launching a New Brand

Launching a new brand or redeveloping an existing concept requires painstaking attention to detail from the initial idea to completion of the project. During the process, a business might ask questions about how their brand or product will be received, who the target audience is, and the strategy behind the change.

It's pertinent to remember your digital brand and how your launch will be viewed online. There are several best practices to keep in mind, including how monetize your online presence, and the security measures you need to keep your brand safe.

Digital Asset Security Checklist

To help brand owners understand and get secure against the very real threats that exist, CSC released CSC Security CenterSM in 2018—a first-of-its-kind digital asset intelligence tool that exposes security blind spots to help mitigate cyber threats.

Our Digital Asset Security Checklist covers six key areas that are often overlooked when it comes to cyber security.

DNS Hijacking: Security Learnings from the Latest Incidents

Waves of DNS hijacking affecting government and telecommunications domains, as well as internet infrastructure entities across the globe, has resulted in increased efforts—even emergency directives—to protect domains from further attacks.

The U.S. Department of Homeland Security (DHS) has quickly implemented new procedures to further protect federal domains. And other governments—including the U.K. and France—are following suit.

In this recorded webinar, CSC global product director of Security Services, Mark Flegg, discusses recent events, learnings gained, the most relevant developments around digital asset security, and how it all impacts your company in the fight against cyber threats.

Dot Brand Insights: October 2019

In our October 2019 Dot Brand Insights Report, our experts look at the increase in the number of activated .BRANDs—meaning .BRANDs that have registered five or more domain names within their branded domain.

Companies can create the level of security they want within their .BRAND ecosystem, building trust with their audience, including ensuring every .BRAND site employs DNSSEC, digital certificates, and DMARC. Inside, we share what six .BRANDs have to say about their domains, and what they use their .BRANDs to communicate to employees and the world.

Companies are Using their New Dot Brands

CSC expert analysis shows that through the first quarter of 2019, .BRAND domain registrations increased by 5%. Simultaneously, there was a 4% increase in the total of active (live) domains—meaning, companies are using their new .BRANDs. The major contributors are customizing their websites for employees as well as customer- and country-specific initiatives.

Banks, Cars, or Insurance: Which Industry Takes the Lead in Dot Brand Use?

In this edition of our Dot Brand Insights Report, our experts dissect the increasing domains under management (DUM)—including revealing what industry is responsible for the 200% lead in DUM count—and look at the increase in .BRAND registrations.

You'll also read about how Google^® came to be, and read a delightful story about how they decided to use its new generic top-level domain.

The EU GDPR: One Year On

On May 25, 2018, the GDPR became enforceable. While the primary purpose of the GDPR is to protect the personal data of EU residents, its real impact has been far broader in geography and scope.

In this recorded webinar, Gretchen Olive, CSC's director of policy and industry affairs, explores how the GDPR has changed much more than the rules around data privacy.

Five Steps to UDRP Success

Cybersquatting is on the rise, with a noted uptick over the past several years. Closely linked to problems such as brand abuse, traffic diversion, counterfeit goods, trademark dilution, phishing attacks, and malware distribution, cybersquatting can be very costly to brands.

GDPR: Cyber Security Issues Abound

CSC's Mark Flegg, global product director of Security Services, gives insight into the General Data Protection Regulation (GDPR), what this means in terms of cyber security, and how to protect yourself and your business from cyber criminals.

Going Phishing: Countering Fraudulent Campaigns

Phishing remains the most used vehicle for corporate data breaches, credit card fraud, and identity theft. Malicious links are clicked and corporate passwords are given up, leaving companies and consumers vulnerable.

In the World Trademark Review article, Going Phishing: Countering Fraudulent Campaigns, we share why securing digital assets is a MUST—especially considering the October 2017 U.S. Department of Homeland Security Domain-based Message Authentication, Reporting, and Conformance policy and the European Union's General Data Protection Regulation (2016/679) that went into effect May 25, 2018.

The Online Counterfeit Economy: Apparel and Accessories

As the digital world continues to expand and become a bigger part of our daily lives, counterfeiters are finding ways to take advantage of our reliance on apparel and accessories.

This guide is a snapshot of the apparel and accessories counterfeit market; here, we outline four key steps to protect your brand from these threats.

The Online Counterfeit Economy: Consumer Electronics

As the digital world continues to expand and become a bigger part of our daily lives, counterfeiters around the world are taking advantage of our reliance on consumer electronics.

This guide takes a snapshot of the counterfeiting landscape in the consumer electronics market, and maps out four key steps to protect your brand from threats.

Security Tool Kit

Equip your employees and protect your company from cyber threats.

7 Steps for Creating a Successful Domain Policy

Each and every day, millions of people go online for information that will inform their decision making and purchases—and they won't access or search for your digital brand the same way.

Make sure your digital portfolio of brands is broad enough to protect and promote your brand, so all the equity you've built in your company's reputation doesn't get diluted from one lost domain. Be in a better position to secure, promote, and protect your brands online in a disciplined and accountable way by using a seven-step process—and join the growing ranks of organizations in full control of their domains.

What's the Point of Domain Name Registrar Security, Controls, and Processes?

The missing links in most cyber security risk postures.

Domain Name Strategy 2020: Blocks, WHOIS, Cyber Criminals and Other Challenges

As domain name policies, data privacy, cyber security regulations, and the global threat landscape continue to rapidly evolve, so must your domain name strategy. In this recorded webinar, CSC's Gretchen Olive delves into emerging issues not to be overlooked in formulating your 2020 domain name strategy.

What You Need to Know About Online Marketplaces in Asia: New Trends and Emerging Marketplaces

Combatting counterfeiting in online marketplaces with an effective enforcement strategy is now a key part of many successful online brand protection programs. Have you considered your strategy for online marketplaces in Asia?

China's Revised Web Policies

In late 2017, the Ministry of Industry and Information Technology (MIIT) of the People's Republic of China updated their domain name registration and web hosting policy.

This will impact global companies with a web presence in China—affecting not just .CN domains and Chinese international domain names, but any domain or top-level domain that is web hosted in China, including .COM and .NET, and more.

ICANN 64 Kobe Insights

Enjoy a look back on the ICANN 64 policy forum in Kobe, Japan, including the discussions on internet policy development, outreach, and community networking.

ICANN 63 Barcelona Insights

"Meet" us in the metropolis of the Mediterranean Sea, where we take you back to Barcelona's discussions on internet policy development, outreach, and community networking.

Insights from ICANN 62 in Panama City

The second of three ICANN meetings will take place in Panama City, Panama on June 25. The four-day Policy Forum will focus on current policy development work, outreach, and daily opportunities to network with the community, including CSC experts.

Internet Insights from the Walled City

The three-legged stretch of 2018 ICANN meetings begins March 10 in San Juan, Puerto Rico, and CSC's experts will be there to report on the many internet-related to be discussed, including increasing competition on the web and the latest domain name and brand protection developments. Gretchen Olive, CSC director of Policy and Industry Affairs, and Ben Anderson, head of New gTLD Services for CSC, will then present their findings from ICANN 61 via a live webinar.

The Life Cycle of Digital Certificates Reduces Again

In 2015, the CA/B Forum reduced the certificate lifetime of organization validation (OV) and domain validation (DV) certificates from four to three years.

Again in March 2018, the lifetimes were further reduced to two years, in line with extended validation (EV) certificates that were already at two years, maximum

6 Ways to Strengthen DNS Security

The domain name system (DNS) grew to prominence during the initial, innocent days of the internet.

During that time, early internet users tended to work for government or education organizations where trust was assumed, and security was not even a consideration.

Why Domain Name Security Matters Most?

Cyber criminals are taking advantage of this risk and have been doing so for quite some time.

Throughout 2019, Cisco Talos warned about the state-sponsored Sea Turtle attack taking control of DNS systems and stated, "the actor ultimately intended to steal credentials to gain access to networks and systems of interest."

And just this week, Reuters reported in "Exclusive: Hackers acting in Turkey's interests believed to be behind recent cyberattacks – sources” that another group of hackers alleged to be working for the Turkish government's interests attacked government organizations and companies via DNS hijacking.

DNS, Domain Names, and Certificates: The Missing Links in Most Cyber Security Risk Postures

Do you know who your domain name registrar is (the domain name management company that holds the keys to the kingdom)?

What do you know about your domain name registrar's controls, security, policies and processes?

Does Your Domain Have a Registry Lock?

According to data provided by digital brand protection firm CSC, while domains created in the top three most registered top-level domains (.COM, .JP and .CN) are eligible for registry locks, just 22% of domain names tracked in Forbes' list of the World's Largest Public Companies have secured registry locks.