DNS: The Neglected Building Block, Part 6 – DNS Management is a Boardroom Discussion

by Ken Linscott

The 2018 Business Continuity Institute’s Horizon Scan Report identified the top 10 business continuity risks reported by 657 respondents in 76 countries. And unsurprisingly, DNS was a contributing factor in four of the 10 risks—due to the vulnerabilities we’ve outlined in this blog series—including cyber attacks, data breaches, unplanned IT and telecom outages, as well as supply chain disruption.

In our last post, we shared CSC’s recommendations for securing DNS from the 10 vulnerabilities, which included adopting four policies to:

  1. Employ advanced security features for business critical domains
  2. Control user permissions
  3. Secure domain and DNS portal access
  4. Consolidate with an enterprise-class domain, DNS, and digital certificates provider

In this post, we address who should be responsible for implementing these policies.

With any cyber attack, companies face potential loss of trade secrets and intellectual property, as well as litigation brought by impacted customers, partners, and shareholders. Significant reputation damage and loss of investor confidence could also occur, often accompanied by a fall in the stock price.

That means boards are responsible for understanding all risk, including cyber risk. It’s clear domains and DNS are at risk of poor management and third-party attacks. If an incident occurs, the actions of the board will be closely watched in the court of public opinion, the legal courts, and by lawmakers.

However, security of domains and DNS is a means to an end—the end meaning compliance. Recent research from the Ponemon Institute[1] regarding digital certificates suggests that organizations are less interested in the actual security benefits than they are in maintaining compliance and avoiding fines and penalties due to non-compliance (think EU General Data Protection Regulation, enacted May 2018, able to fine companies up to 4% of their global annual revenue for failing to safeguard customer information).

If a company’s board is does not understand that DNS is recognized as a prime target for data exfiltration, there’s no better time to share the information. Organizations that experienced data theft via DNS vulnerabilities increased from 28% in 2017 to 33% in 2018[2].

Implementing and enforcing a DNS security policy with CSC Security Center

CSC Security CenterSM is a platform we developed that understands the risks around vital domains—giving companies the ability to present domain security risks to their board for policy decisions necessary to mitigate cyber threats. CSC Security Center also enables policy enforcement, sending notices when policies are not adhered to.

This unique approach will change the way domains and DNS are secured. The platform identifies business-critical domains, monitors them continually to ensure they’re secured with the right protections, and alerts companies to any security blind spots.

We’ve also established an automatic registry lock policy with our CSC Security Center clients to mitigate the risk of DNS hijacking of their vital domains. The Auto-Lock Policy works in tandem with the best practice of auto-renewing domain names to avoid expiration and third-party registration.

We advise companies to partner with enterprise-class providers that have the resources and tools to help enforce strong policies. Your board will appreciate a strong partner once they understand the risks and the implications of poor management and third-party attacks on DNS, and they’ll want to invest in the partner who is the most security conscious.

Subscribe to our blog

Subscribe to our blog to receive notification of new posts.

Read previous posts in this series:

<< Part 1 – What DNS is and How it’s Vulnerable

<< Part 2 – Four DNS Vulnerabilities You Need to Know About

<< Part 3 – Six More DNS Vulnerabilities That Make Security Crucial

<< Part 4 – The Growing Threat of DNS Hijacking and Domain Shadowing

<< Part 5 – Mitigating the Risks of 10 Serious DNS Vulnerabilities

Download our most recent Cyber Security Report.


[1 ]thesslstore.com/blog/71-of-organizations-dont-know-how-many-certificates-keys-they-have/

[2] efficientip.com/wp-content/uploads/EfficientIP-DNS-Threat-Report-2018.pdf