Forbes 2000 brands are dangerously unprotected from phishing and hijacking, with 81% failing to use registry locks for their domains, according to Domain Security Report: Forbes Global 2000 Companies, a study released Tuesday by domain protection firm CSC.
Only 50% utilize a DMARC (Domain-based Message Authentication, Reporting and Conformance) record, the standard email authentication method.
And 57% use off-the-shelf consumer-grade registrars, which offer limited domain security mechanisms.
In addition, 70% of homoglyph (fuzzy match) domains typically used in phishing and brand abuse are owned by third parties.
Basic domain security measures “continue to get overlooked because they’re still not considered an essential component to a company’s broader phishing, BEC or ransomware mitigation approach,” states Mark Calandra, president of CSC Digital Brand Services.
Calandra adds: “A focus on securing legitimate domains while monitoring for malicious domains in parallel needs to be a bigger priority for companies in order to stay protected and mitigate cyber risk. Otherwise, companies are exposing themselves to significant threats to their cybersecurity posture, data protection, intellectual property, supply chains, consumer safety, revenue and reputation.”
DMARC adoption varies by industry:
CSC also found 70% of the third-party domains reviewed were suspicious:
The research is based on analysis of publicly available DNS records and domain registrations, combined with CSC's proprietary technology.