Cyber Security Findings for the Media Industry
Securing a company’s digital infrastructure has become a major concern to corporations worldwide. With leading security companies and other organizations alerting corporations and the public to recent widespread, state-sponsored domain name system (DNS) hijacking, more and more brands are starting to take action.
CSC has been issuing Cyber Security Reports since 2017, culling the most important information about security risks, and in particular, risks to brands that are not mitigated by a traditional firewall.
The recent research conducted by CSC focuses on the media industry, revealing that 78% of global media brands use a corporate domain registrar, yet only 37% of those have a registrar lock to protect their DNS from hijacking. Recent domain hijacking, unauthorized changes, and deletion of vital domains have shown that effectively managing domain names and DNS must become a critical component for enhancing the security posture of any company with an online presence.
More worrisome is that, out of all analyzed global media brands, 55% use enterprise DNS, but only 3% have domain name system security extension (DNSSEC) enabled.
Lack of deployment of DNSSEC leads to vulnerabilities in the DNS by way of DNS spoofing or cache poisoning, which can include an attacker hijacking any step of the DNS lookup process, resulting in hackers taking control of an internet browsing session or redirecting users to deceptive websites.
“Security attacks—in particular, those outside the firewall—aren’t new, yet they are becoming more sophisticated and vicious by the day,” says Ken Linscott, product director at CSC. “We strongly advise clients to use the tools and recommendations available to get their digital infrastructure secure. There are very simple and cost-effective implementations that will protect brands as well as customers.”
The report also includes domain security trends among global media brands, phishing and email fraud risks, as well as recommendations on how to secure the digital infrastructure.