Skip to main content

DNS: the threat and the solution

By 7 September 2021No Comments

Gareth Jehu, at Com Laude explains why DNS management is imperative for business protection

Ten years ago, the threat of a Domain Name System (DNS) compromise wasn’t so high on the radar for many businesses. The move to digital has accelerated exponentially in recent years. This has sadly been matched by an increase in the scale and frequency of DNS-related cyber-crime.

How businesses host, manage, and protect their DNS is now an integral part of improving their overall digital security posture.

Only with the right domain name management strategy in place can organisations safeguard critical domains, associated digital services and brand Intellectual Property. This must be a key part of any corporate domain name management process in order for organisations to protect against breaches, avoid nasty costs from regulatory fines and ensure brand reputation.

The cyber-security challenges around DNS

Emerging from the pandemic, the online space has been – and continues to be – radically transforming. Research shows that global cyber intrusion activity increased by 125% in the first half of 2021, compared with the same period last year. As attacks become more sophisticated, and with the method of attack frequently changing, it’s more important than ever that businesses protect themselves in every way that they can.

Often when attacks occur, this results in information security breaches. These are costly to businesses in terms of regulatory fines and increased operating compliance costs, as well as brand reputation damage. For most companies, the cost of losing key digital services for a day, a few hours or even minutes, is considerable, affecting brand reputation, increasing cost and resulting in loss of revenue.

Even worse is when businesses are forced to foot the bill for hefty ransom payments. In the first half of 2021, the average ransomware payment increased 82% up to a staggering $570,000.

Many domain names are still hosted on the more basic Unicast DNS. This can still be appropriate for defensive, non-operational domains.

However, anything that services critical business functions such as email, websites or key operational or transactional processes needs a different approach. They must be protected by an enterprise-grade solution, in order to ensure high availability and responsiveness, and to safeguard them from attack vectors that include volumetric Denial of Service attacks, DNS hijacking and DNS cache poisoning.

The size of the threat has now grown to the extent that businesses are naturally becoming more security conscious, either through self-choice or regulation. This is reflected in the value and worth of the global cyber-security market, which has grown from a mere $3.5 billion in 2004 to a predicted $170.4 billion in 2022.

How businesses host, manage, and protect their DNS is now an integral part of improving their overall digital security posture. This security posture will automatically feed into brand reputation. The absence of strong cyber-security alongside the increasing awareness of cyber-crime means that trust will be crucially maintained through how they protect their DNS.

Successfully manage your DNS

The ever-present and increasing threat to businesses of all sizes from criminal cyber activity needs to be countered with the secure safeguarding of domain names and their associated DNS hosting service.  If you are to ensure uninterrupted DNS resolution of your domain names and associated digital services, and protect them from attack, the following steps should be considered:

1.      Use an enterprise-grade DNS platform

Using this type of platform will ensure high availability and responsiveness of domain names and will safeguard them against attacks including volumetric Denial of Service attacks, DNS hijacking and DNS cache poisoning. Moving to this platform is quick and safe, provided you have the support of an established and experienced provider.

2.      Audit your domain portfolio

Assessing your portfolio of domains can be done with full visibility by using an enterprise-grade DNS platform. Core and non-core domain names can be identified, and domain names that are being paid for but are no longer required can also be eliminated. This will ensure that only the essential domains are protected against, and protection is therefore much more efficient.

3.      Centralise assets and security

Centralising the management of domain name assets and DNS through a single, secure user interface and API will give businesses a clearer picture of the risk and measures needed to protect it. Overall improvement in digital security will also provide the opportunity to right-size portfolios, ensuring good alignment between business need and portfolio size and coverage.

The question of who purchases domains, who manages them and even what registrations the domain name portfolio contains can be more easily managed through this centralisation. It can also provide the opportunity to identify the ‘crown jewel’ registrations that need additional security measures, such as, SSL protection, registry locks and online brand protection.

4.      Identify gaps and fill them

By centralising portfolios, businesses will typically identify domain names that they didn’t even know had been registered or were operational, as well as associated gaps in security protection. This identification enables businesses to apply the right security protection needed and plug any gaps that are identified.

5.      Involve all stakeholders

Domains can typically fall under different disciplines in a company. Legal/IP, marketing and IT all need to be involved in the process of creating and protecting these assets, from registrations for new product launches to online brand protection.

By establishing a company-wide understanding of the importance of DNS management and a coordinated approach with key stakeholders, no one is left in the dark and it is less likely its management will fall between the cracks, leaving a business exposed.

6.      Stay informed and in control

Educate yourself and colleagues on the cyber-criminal threats that exist. The internet is dynamic and rapidly changing, with new threats emerging all the time. Working with an established provider, remaining informed and in control of domain name security services will allow organisations to remain one step ahead of the emerging threats.

Keeping DNS secure

It may be easy to neglect a business’s DNS management as it can sit between multiple business units and owners, but its importance cannot be underestimated. Without domain name security and preventative measures in place, bad actors who are ready to take advantage will, causing costly repercussions and inevitable damage to business reputation.

Organisations must make DNS management a priority by using an enterprise-grade DNS platform and working with a partner who can assist in auditing and protecting the businesses domain assets,to safeguard their organisation long term.

Gareth Jehu is Global Operations Director at Com Laude

Main image courtesy of


All rights reserved Teiss Recruitment Ltd.