Why Domain Protection Is A Key Pillar Of Cybersecurity

Cybersecurity is one of the most challenging areas of technology. In an era of (almost) digital everything, having a spotless and secure online identity has become essential for both businesses and individuals. 

Over the years, this risk has become a real governance issue for companies as it is interconnected with other risks: whether it is a loss of strategic data or an attack on reputation.

There are several types of threats that can make companies vulnerable and put their digital identity at risk, with phishing being particularly prevalent. Just last year, 76% of businesses reported being a victim of a phishing attack. Out of these, internationalised domain name (IDN) homograph attacks account for some of the most dangerous, sophisticated, and effective hacks. These work by hackers using domains that usurp the visual and legitimate identity of a domain, in particular by using characters that appear similar to the Latin alphabet. It is imperative that businesses are able to prevent such attacks.

Understanding Homograph Attacks And The Danger They Pose

A homograph domain is essentially a “look alike” domain. Domain names support international characters to be inclusive of all languages. The trouble arises when bad actors create domains by mixing characters that look similar with the intent of deceiving or defrauding a target. 

One reason as to why these are so dangerous is that there are potentially millions of homographic variations of names. Many phishing attacks are socially-engineered, meaning they rely on a person to trust that the scammer is actually legitimate. A domain name or email address that looks nearly identical to the legitimate name could easily convince a target to take a compromising action. 

The nature of the attack can vary, but the target is convinced because they believe the scammer is the trusted brand, business, or person. What if your boss emailed you a request for a funds transfer, from an email address that looked just like their primary email? We’d all like to think we’d catch the subtle difference in look, but depending on the way the characters are rendered online, the difference might be imperceptible. 

When it comes to IDN homograph attacks, the damage caused can be severe. Thus, prevention is far better than treatment or cure. 

Preserving Digital Identity Means Stability - And Can Even Be A Driver Of Growth

Cybersecurity has always been far more than just a concern over IT. Fighting against data breaches is also about protecting the private information of customers and staff, protecting against regulatory action, and maintaining reputations. 

During a homograph attack, an entire business ecosystem is put at risk, and it only takes one link in the chain to be affected to drag another into trouble. For example, a customer goes to a company's website to make a purchase. They checkout and enter bank details, as visually everything looks legitimate. The customer makes the purchase and only later realises they have been dealing with a malicious site. From that moment on, it is the company's brand that is tainted, since it is as easy for the customer to go to the real website as it is for the impostor. 

The above example may seem simplistic. Yet these circumstances occur regularly, causing great damage to both reputations and to the bottom line. 

Business success is no longer measured solely by economic results, but also by the overall 
image and reputation of the company. Thus, domain protection is key to not just brand protection, but in being able to secure further customer acquisition and growth. 

Acting Upstream And Throughout The Lifetime Of A Domain Name

By putting in place mechanisms to reduce the risks and impact of an attack, companies limit their operational threats. Selecting a domain name with homographic blocking is a key protective step.

An upstream solution can automate this protection from the moment the domain is registered. It does this by identifying all the  characters in the domain name, which then makes it near-impossible for scammers to use homographs to target customers or staff.

This solution must be applied during all the lifetime of the domain, otherwise it will not be a truly preventative measure. Companies would be wise to pick a provider that offers such a solution built in and which covers the lifetime of the domain, to offer complete protection as we see ever increasing and sophisticated homograph attacks. Investing in brand protection — for both customers and staff — is paramount. 

Despite the homograph attacks being known since 2001, it is still one of the major challenges in the cyber security and threat intelligence sector - with the sophistication of these attacks growing exponentially year on year. With risks falling not only on private and public sector companies but also on institutions and individuals, it is necessary for all stakeholders to be aware of the importance of protecting their domain name. 

Brian Lonergan is the Senior Director of Product at Identity Digital

You Might Also Read: 

Deactivated Domains Used For Spear-Phishing:

 

« DARPA Wants To Play With Artificial Intelligence
Artificial Intelligence Distorts Government Decision-Making »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Satisnet

Satisnet

Satisnet is a leading Security Reseller, Managed Security Services Provider (MSSP) and Cyber Training Innovator, with operations throughout the UK, EMEA and United States.

Palo Alto Networks

Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate.

Echelon

Echelon

Echelon Company is a provider of information security services specializing in certification of security software and hardware products in Russia.

Axonius

Axonius

Axonius is the only solution that offers a unified view of all assets and their coverage, empowering customers to take action to enforce their organization’s security policies.

Partnership for Conflict, Crime and Security Research (PaCCS)

Partnership for Conflict, Crime and Security Research (PaCCS)

PaCCS delivers high quality and cutting edge research to improve our understanding of current and future global security challenges in areas including cybersecurity.

WisePlant

WisePlant

WisePlant's portfolio of solutions and services includes process measurement, secure automation, industrial cybersecurity, functional safety and more.

SearchInform

SearchInform

SearchInform is a leading risk management product developer, protecting business and government institutions against data theft, harmful human behavior, compliance breaches and incomplete audit.

Concourse Labs

Concourse Labs

Concourse Labs Security Guardrails continuously verify cloud infrastructure and workloads. Continuously assess clouds for security, resiliency, and regulatory compliance.

LAVAAT

LAVAAT

At LAAVAT, our goal is to make it easy for our customers to build secure IoT devices without a need to invest considerably in embedded security and cryptography expertise.

OptimEyes.ai

OptimEyes.ai

OptimEyes.ai is a unique AI-powered, on-demand SaaS solution for cyber-security, data privacy and compliance risk modeling.

Prime Technology Services

Prime Technology Services

Prime Tech are a group of Red Hat, Microsoft & Cisco Certified IT Professionals with an impressive track record of consistently delivering value to our corporate clients.

CertNexus

CertNexus

CertNexus is a vendor-neutral certification body, providing emerging technology certifications and micro-credentials for business, data, developer, IT, and security professionals.

CXI Solutions

CXI Solutions

CXI Solutions: Your trusted partner in cybersecurity. We offer a full range of cybersecurity solutions to protect your business from digital attacks and virtual threats.

CloudCoCo

CloudCoCo

CloudCoCo help UK businesses of all sizes and industries succeed by providing enterprise-grade technology at small-business prices.

InfoSecTrain

InfoSecTrain

InfoSecTrain are a leading training and consulting organization dedicated to providing top-tier IT security training and information security services to organizations and individuals across the globe

Ventum Consulting

Ventum Consulting

Ventum Consulting stands for digitalization, networking and agilization. We take this up on the strategic, professional and technical side and support our customers in the digital transformation.