Your Cybersecurity is Only as Strong as Your Weakest Vendor

This article has been indexed from CircleID: Cybercrime

Managing the risk of third parties has become a compliance focus for many large organizations. Companies even work with third-party service providers and external vendors just to manage this risk. The recent SolarWinds attack escalates the critical need for chief compliance officers to collaborate with their business counterparts to identify and mitigate potentially unknown threats that lie within third-party supply chains. Yet how can companies manage this risk when the question is not if, but when, they will be attacked?

To assess, we can look at the domain and domain name system (DNS) vulnerabilities within a company’s cybersecurity posture, as this is often a blind spot for many businesses. Companies manage their domain portfolios via two general categories of domain registrars: consumer-grade registrars and enterprise-class registrars. A consumer-grade registrar specializes in domain services, websites, and email for personal use, entrepreneurs, and small businesses that are just getting started. In contrast, enterprise-class registrars focus on corporations and brand owners that require increased security, advanced capabilities, and support staff.

The registrar that your organization uses matters. As my colleague, Vin D’Angelo, mentions in Infosecurity Magazine, consumer-grade domain registrars are not inherently malicious actors, but because of certain standard business practices, they attract bad actors that execute brand abuse, phishing attacks, and fraud. For example, on February 1, the PERL.COM domain, managed by the Perl Foundation, was hijacked by cyber criminals who redirected the URL to a domain parking site that may have been related to sites that distributed malware in the past. Bad actors had hacked into the PERL.COM account (whose domain registrar is consumer-grade Network Solutions) and the Perl Foundation found it for sale for $190K at afternic.com, a domain parking site.

As I mentioned in my blog “Four-Pronged Approach to Keep Your Domain Names and DNS Secure from Cyber Attacks,” working with an enterprise-class provider can help you develop the right compliance checkli

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
