Domain Security: Mitigating Threats With Online Brand Protection
By Chrissie Jamieson, VP of Marketing, MarkMonitor
Since the first domain name was registered back in 1985, the landscape of the internet has changed dramatically. While the domain name remains the foundation of any brand, there has been a shift in how domains are being used, especially with the launch of .brand domains as part of the generic top-level domain (gTLD) programme. This has created a profusion of brand extensions, unlocking important creative and commercial spaces. Yet, while the opportunities this explosion of possibilities offers can be transformational, securing and managing a growing estate can also open the door to significant and damaging threats – including brand infringement and cyber-attacks.
The results of a new global report commissioned by MarkMonitor highlight the scale of the challenge. It revealed that almost 1 in 4 of the world’s domains (23%) experienced a cyber attack in the last 12 months. Almost half (46%) of the 700 international IT, legal and marketing decision-makers approached also reported a rise in brand infringement.
Despite their potential vulnerability, the research also found that 87% of businesses are still taking a siloed approach when it comes to domain management, relying on individual departments and staff members and, in doing so, reducing their visibility and potentially exacerbating external threats. With domains at the core of a brand’s IP and online identity, the impact of these security and infringement threats can be significant and, in some instances, catastrophic.
Complex domain
For large brands – especially global operators – the domain management process involves not just choosing and registering an initial domain but also determining, registering and managing sub-domains, name variations, domains for campaigns, defensive registrations and regional domains.
Ongoing, domain management strategies support a number of business and legislative requirements: 60% of organisations approached reported using their domains to promote new products or services; 38% reacted to changes in the market, such as generic top-level domain (gTLD) launches; 34% said reaching an international audience was a driver while 27% used their domain strategies to help mitigate brand abuse.
Inevitably, managing and renewing these large, evolving domain portfolios is cost and time intensive. The larger the estate, the more challenging the task with 15% of organisations owning 100-249 domains; 9% with 250-500; and 8% with between 500 and 1,000.
Given the size of their domain portfolios, it is hardly surprising that common challenges include security (56%), cost (40%) and keeping track of domains (34%).
Breaking the silo
A key part of the challenge is that responsibility for domain management typically falls to just one department. Among the organisations surveyed, in most cases this was IT / IT security (46%), followed by legal (16%) and marketing (13%), with a further 13% using a combined approach.
The renewal process is equally problematic: 21% rely on just one person and 26% of respondents look to renewal notices to retain their domains.
Leaving this key task to just one person means they alone are left to determine which domains are more important than others, which are being used and which domains can be sold. Often, these decisions are made without key strategic information from the wider business, which can result in missed opportunities. Moreover, if the individual leaves or moves roles, their knowledge of renewals and management can be lost and renewal deadlines missed – with damaging consequences.
The fact that not all domains are currently active can also add to the complexity around domain management, presenting more missed opportunities. Almost one-fifth (18%) of respondents said that just 25% or less of their portfolio was active. A further 28% reported that less than half (26-50%) of theirs was active and 36% said 51-75% was active.
When it comes to securing budget for management and security, as well as ensuring that the domain process is included in the overall brand protection strategy of the business, board-level support is crucial.
As well as dedicating the right resource to the task, board-level visibility and backing is also important when it comes to optimising the portfolio and getting the maximum value from it.
By monitoring the value of domains, businesses can streamline domain portfolios by identifying domains that are no longer adding value to the organisation, releasing budget that could be used to secure and manage the core domains instead.
Global protection
In an increasingly complex and risk-laden environment, this latest research among global brands highlights the urgent need for more businesses to adopt a more holistic brand protection strategy encompassing domains, fraud and other forms of infringement.
Political and legislative issues around domain management and security should also be considered as part of wider online brand protection programmes to more effectively mitigate risk and secure critical assets while maximising the multitude of opportunities which the Internet offers.
Commercially, while domains are an essential tool for building customer awareness and trust, the 32% of brands approached in the research that fail to monitor their value could be missing out on valuable opportunities to streamline and optimise their domain portfolio, moving on from old domains and branding and ensuring core names are better protected.
From the establishment of a brand and its domain registrations to managing and securing a portfolio spanning years or decades, the process of domain security and management should be viewed as key components of wider online brand protection programmes to guard against infringement, fraud, brand abuse and mounting cyber attacks.
Management buy-in, collaboration across business departments and external specialist support can all prove key to addressing vulnerabilities, optimising domain portfolios and safeguarding the brand’s identity, reputation and bottom line.