
More than ever, start-up companies today operate at enterprise scale, making it worthwhile to ask whether they have strong foundational security measures in place to keep pace with the world’s largest public companies.
“Unicorns” are privately owned start-ups valued at more than $1 billion. The majority are pursuing advancements in IT and artificial intelligence (AI), and their innovations will inevitably shape the next generation of digital and enterprise platforms. Consequently, they are likely led by highly skilled tech professionals who bring to the table – at the very least – core knowledge of cyber defense protocols and practices.
As unicorns reshape global markets, their approach to cybersecurity deserves the same scrutiny as their valuations.
That includes domain security, which is too often overlooked as a critical component of comprehensive protection. Indeed, domain security remains a missing pillar for industries across the board, leading to domain abuse and brand impersonation as adversaries conduct domain hijacking and register malicious domains with alarming frequency and ease. When domains are hijacked or web certificates expire, for example, the resulting gaps open the door for exploits. The mass deployment of AI should only accelerate these troubling trends, as threat actors increasingly use it to manipulate and compromise intelligent systems through tactics such as prompt injection attacks, data poisoning, and AI-enabled fraud.
Already, nine of ten organizations have experienced at least one domain name system (DNS) attack, at an average cost of $1.1 million per incident. Companies must recognize domain names, DNS, and brand trust as fundamental to their online presence and business strengths. The longer they overlook this as part of an overarching security strategy, the more their cyber risks compound as new AI/IT stacks are built, integrated, and layered into their systems.
In their quest to unveil the “next big thing,” unicorns can’t afford to ignore these threats. Cyber criminals will target them due to their high value and integral role in supply chains, especially those affiliated with AI. But, on the positive side, they can implement the right practices now so they can address risks as they scale.
So how are unicorns doing on the domain security front? Our research reveals that – for certain essential best practices – they’re actually ahead of their Global 2000 enterprise counterparts.
A stout preventative defense
Unicorns are adopting five DNS-related preventative measures in greater numbers than the Global 2000:
- Ninety-six percent have adopted domain-based message authentication, reporting and conformance (DMARC), compared to about 80 percent of Global 2000 brands. DMARC protects email domains from phishing and other cyber scams through email server reports which identify potential authentication issues and malicious activity.
- Nearly all are implementing sender policy framework (SPF), but Global 2000 companies aren’t far behind at 92.5%. SPF specifies which mail servers are authorized to send email for an individual domain, enabling receiving servers to verify that email from the domain is coming from a trusted server.
- 15.8% are adopting DomainKeys identified mail (DKIM) compared to just 11.5% of the Global 2000. DKIM adds a digital signature to outgoing messages to further authenticate that an email was sent from an authorized domain.
- One-third are using certificate authority authorization (CAA) records, as opposed to just 11.4% of the Global 2000. CAA records allow an organization to designate a specific certificate authority as the sole issuer of certificates for the organization’s domains. This means that if an adversary doesn’t use this authority to get a new certificate, their request will fail and the organization will get an alert.
- About 17% have implemented DNS security extensions (DNSSEC), while only 10.8% of the Global 2000 have done so. These extensions boost protection by adding cryptographic signatures to DNS records, to prevent DNS spoofing and other attacks.
But a shaky backup system
On a less-than-ideal note, only 1% of unicorns deploy DNS redundancy and nearly 90% use a single-cloud infrastructure. The Global 2000 doesn’t fare much better on DNS redundancy, with an 11.4% adoption rate. This clearly represents an area for improvement, as major service outages like those we’ve seen in recent months will cause significant operational, financial and reputational damage if backup plans and infrastructure aren’t in place.
In addition, unicorns are less likely to use an enterprise-class domain registrar – which offers more advanced brand protection and domain security management as opposed to just registrations. They are also less likely to use registry locks that prevent unauthorized domain transfers and DNS changes (commonly used for domain hijacking and phishing) by requiring human authentication, which is often handled offline.
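A minimal posture check for the DNS-visible controls discussed above (SPF, DMARC, CAA, DNSSEC and nameserver redundancy), as an added example that is not part of the original article. The zone dictionaries are constructed sample data, grouping nameservers by their last two labels is a simplifying assumption, and DKIM is left out because its records sit under per-sender selectors that cannot be derived from the domain name alone.

```python
# Constructed sample data; a real audit would fetch these records with a DNS resolver.
WEAK = {"txt": ["v=spf1 include:_spf.mail.example ~all"],
        "dmarc": ["v=DMARC1; p=none"], "caa": [], "ds": [],
        "ns": ["ns1.dns-a.example.", "ns2.dns-a.example."]}
HARDENED = {"txt": ["v=spf1 include:_spf.mail.example -all"],
            "dmarc": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
            "caa": [(0, "issue", "ca.example"), (0, "iodef", "mailto:sec@example.com")],
            "ds": ["<constructed DS record>"],
            "ns": ["ns1.dns-a.example.", "ns1.dns-b.example."]}

def tags(record):
    """Parse the 'k=v; k=v' tag list used by DMARC records."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit(zone):
    out = {}
    # SPF: exactly one v=spf1 TXT record; several is a permanent error (RFC 7208).
    spf = [t for t in zone["txt"] if t.lower().split()[:1] == ["v=spf1"]]
    alls = [m for m in spf[0].lower().split() if m.lstrip("+-~?") == "all"] if spf else []
    if len(spf) != 1:
        out["spf"] = "invalid: multiple records" if spf else "missing"
    elif not alls:
        out["spf"] = "weak: no 'all' mechanism"
    else:  # a bare "all" defaults to the "+" (pass) qualifier
        q = alls[-1][0] if alls[-1][0] in "-~?+" else "+"
        out["spf"] = {"-": "enforced", "~": "softfail"}.get(q, "weak: +all or ?all rejects nothing")
    # DMARC: p=none only monitors; rua= is where aggregate reports are sent.
    dmarc = [t for t in zone["dmarc"] if t.upper().startswith("V=DMARC1")]
    if len(dmarc) != 1:
        out["dmarc"] = "missing"
    else:
        d = tags(dmarc[0])
        mode = "enforced" if d.get("p", "").lower() in ("quarantine", "reject") else "monitor-only"
        out["dmarc"] = mode + ("" if "rua" in d else ", no reports")
    # CAA: 'issue' names the CAs allowed to issue; without it any CA may issue.
    issue = [v.split(";")[0].strip() for _, t, v in zone["caa"] if t == "issue"]
    cas = sorted(set(issue) - {""})
    if not issue:
        out["caa"] = "missing: any CA may issue"
    else:
        out["caa"] = "restricted to " + ", ".join(cas) if cas else "issuance forbidden"
    # DNSSEC: a DS record at the parent zone means the delegation is signed.
    out["dnssec"] = "signed delegation" if zone["ds"] else "unsigned"
    # Redundancy: group nameservers by last two labels (naive; assumption, no Public Suffix List).
    providers = {".".join(ns.rstrip(".").lower().split(".")[-2:]) for ns in zone["ns"]}
    out["dns_redundancy"] = "multi-provider" if len(providers) > 1 else "single provider"
    return out
```

Running `audit(WEAK)` and `audit(HARDENED)` side by side shows which of the controls a domain publishes and whether each one is merely present or actually enforcing.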
There are many good reasons to closely follow unicorns – they’re the ones with the agility, know-how, and passion to unleash the great tech transformations of tomorrow. And it’s encouraging to see they’re not pursuing this at the expense of domain security, at times pursuing it better than leading brand names in many industries.
This teaches us an important lesson: We don’t need to compromise protection to unleash innovation. When companies at any scale prioritize a robust domain security strategy, their domains will serve as a standard of defense, instead of the weakest link.


