Cyber Security Findings for the Media Industry

Published at Jun 21, 2019, in Ctrl Alt Del

Securing a company’s digital infrastructure has become a major concern to corporations worldwide. With leading security companies and other organizations alerting corporations and the public to recent widespread, state-sponsored domain name system (DNS) hijacking, more and more brands are starting to take action.

CSC has been issuing Cyber Security Reports since 2017, culling the most important information about security risks, and in particular, risks to brands that are not mitigated by a traditional firewall.

The recent research conducted by CSC focuses on the media industry, revealing that 78% of global media brands use a corporate domain registrar, yet only 37% of those have a registrar lock to protect their DNS from hijacking. Recent domain hijacking, unauthorized changes, and deletion of vital domains have shown that effectively managing domain names and DNS must become a critical component for enhancing the security posture of any company with an online presence.

More worrisome is that, out of all analyzed global media brands, 55% use enterprise DNS, but only 3% have domain name system security extension (DNSSEC) enabled.

Lack of deployment of DNSSEC leads to vulnerabilities in the DNS by way of DNS spoofing or cache poisoning, which can include an attacker hijacking any step of the DNS lookup process, resulting in hackers taking control of an internet browsing session or redirecting users to deceptive websites.

“Security attacks—in particular, those outside the firewall—aren’t new, yet they are becoming more sophisticated and vicious by the day,” says Ken Linscott, product director at CSC. “We strongly advise clients to use the tools and recommendations available to get their digital infrastructure secure. There are very simple and cost-effective implementations that will protect brands as well as customers.”

The report also includes domain security trends among global media brands, phishing and email fraud risks, as well as recommendations on how to secure the digital infrastructure.

S3 Consortium Pty Ltd (CAR No.433913) is a corporate authorised representative of LeMessurier Securities Pty Ltd (AFSL No. 296877). The information contained in this article is general information only. Any advice is general advice only. Neither your personal objectives, financial situation nor needs have been taken into consideration. Accordingly you should consider how appropriate the advice (if any) is to those objectives, financial situation and needs, before acting on the advice.

Conflict of Interest Notice

S3 Consortium Pty Ltd does and seeks to do business with companies featured in its articles. As a result, investors should be aware that the Firm may have a conflict of interest that could affect the objectivity of this article. Investors should consider this article as only a single factor in making any investment decision. The publishers of this article also wish to disclose that they may hold this stock in their portfolios and that any decision to purchase this stock should be done so after the purchaser has made their own inquires as to the validity of any information in this article.

Publishers Notice

The information contained in this article is current at the finalised date. The information contained in this article is based on sources reasonably considered to be reliable by S3 Consortium Pty Ltd, and available in the public domain. No “insider information” is ever sourced, disclosed or used by S3 Consortium.

Thanks for subscribing!

X