NordVPN Promotion

Home / Industry

Five Years of Domain Security Insights: CSC’s Latest Findings on Global 2000 Companies

Domain Security Risk Levels – 72% of companies have implemented fewer than half of the security measures, with 112 companies scoring 0%, indicating no security measures and the highest risk of threats. (Source: CSC)

This year marks the fifth annual release of CSC’s “Domain Security Report,” which continues to shed light on the evolving landscape of domain security among Global 2000 companies. The anniversary coincides with CSC’s 125th year, underscoring its long-standing commitment to brand protection and cybersecurity. Over the past half-decade, significant progress has been made in adopting key domain security measures, but with cyber threats intensifying—especially with phishing attacks on the rise—much remains to be done. The report highlights areas where companies are vulnerable, offering insights to help organizations strengthen their defenses in the external attack surface, where many cyber risks originate.

One of the key findings of the 2024 report is the persistent risk posed by homoglyph domains—lookalike websites designed to impersonate legitimate companies. Alarmingly, 80% of such domains that resemble Global 2000 brands are owned by third parties, with 42% of these having email exchange (MX) records, potentially enabling phishing attacks. Although there has been some progress in mitigating these threats, companies continue to face challenges in securing their domains, especially when it comes to third-party ownership of domain lookalikes. These domains present significant reputation risks, and businesses must take proactive steps to safeguard their online presence.

The report also highlights an 82% growth in the adoption of domain-based message authentication, reporting, and conformance (DMARC) since 2020, driven by the increasing prevalence of phishing attacks. DMARC helps protect companies from email spoofing and has risen in popularity as companies recognize its importance in fortifying their email systems. The integration of DMARC with other tools, such as brand indicators for message identification (BIMI), is further boosting adoption. Despite this progress, a notable portion of companies still lag behind in adopting other critical security measures like registry locks and domain name system security extensions (DNSSEC), leaving them exposed to significant risks.

Another concerning trend is the low adoption of registry locks that prevent unauthorized changes to domain records. While adoption has grown slightly, reaching 24% in 2024, it remains underused, particularly among companies using consumer-grade registrars, where only 5% have implemented this security feature. Registry locks are a simple but highly effective way to protect domains from hijacking, and businesses that neglect this measure are leaving themselves vulnerable to both human error and cyber threats.

As the digital landscape becomes more complex, CSC’s findings emphasize the need for a comprehensive approach to domain security. With cybercriminals becoming more sophisticated in their use of malicious domain registrations, companies must continuously monitor their domain ecosystems and invest in advanced security measures. From securing lapsed domains to mitigating risks associated with dormant subdomains, businesses need to stay vigilant.

As CSC celebrates its 125th year, its role as a trusted partner in domain security remains as critical as ever, providing expertise and tools to help companies protect their brands and maintain a robust cybersecurity posture.

Download the full report.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By CSC, We are the business behind business

We help effectively manage, promote, and secure our clients’ valuable brand assets against the threats of the online world. Leading companies around the world choose CSC as their trusted partner to gain control of their digital assets, maximize their online potential, and increase online security against brand risks.

Visit Page

Filed Under

Comments

Commenting is not available in this channel entry.
CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Cybersecurity

Sponsored byVerisign

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

DNS

Sponsored byDNIB.com

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global

NordVPN Promotion