Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .


Why Banking & Financial Services Organizations Must Prioritize Domain Security

iStock 1280281223 - Global Banking | Finance

191 - Global Banking | Finance By Richard Cahill, Regional Leader, CSC Digital Brand Services

Banking and financial services industries are known for being at the forefront of cyber protection and innovation. Yet they are also among the most targeted by phishing attacks, social engineering, CEO fraud and business email compromise (BEC) due to the sheer number of clients and financial data they own. According to the Carnegie Endowment International Peace, cyber risks to banking and financial industries have grown in recent years and is becoming more frequent, sophisticated, and destructive. As cyber risks continue to increase, these institutions face greater challenges in quantifying them and addressing their capacity for harm.

One area of cybersecurity that banking and financial industries continue to struggle with is domain security. Web domains are a crucial part of any businesses’ operations, supporting client facing websites, organizations email, client or supplier portals, and much more. But like anything else that’s critical to an organization, they are also a key piece of the external attack surface that companies need to protect. Whether it be typosquatting, lookalike domain attacks, or phishing/malware campaigns, bad actors will find ways to conduct cyberattacks and take advantage of these assets.

Over the last three years, we have been reporting on the domain security posture of the Forbes Global 2000 companies annually. One of the key findings from this year’s 2022 Domain Security Report, captured in the chart below, was that Banking was the top industry being targeted with fake domain registrations, followed closely by Diversified Financial companies tied for the 5th spot.

192 - Global Banking | Finance

One of the key findings in this report is that out of all of the Global 2000 companies, over 75% of homoglyph domains are owned by third parties. And of those domains owned by third parties (not owned by the brand owner) that are online for malicious purposes, 14.6% of these domains are targeting the Banking and Diversified Financial companies alone – a high percentage given the number of industry classifications within the Global 2000.

Additionally, the report provided domain security scores to showcase top companies or industries with domain security best practices and protocols deployed. Further analyses of the report’s data showed in the chart below that Banking and Financial Services industries ranked in the middle of all industries for deploying security measures that can prevent domain or DNS attacks from happening.

193 - Global Banking | Finance

Overall, from the report, we’re seeing some organizations becoming more secure, but there is still a portion of companies with considerable domain security risk. This year’s report reveals that 75 percent of the Global 2000 companies and their brands are being e maliciously registered as fake domains by third parties, as they fail to implement key domain security measures.

Many governing bodies have begun to focus on domain security, including the UK National Cybersecurity Center, and the Central Digital and Data Office, which offers a list of best practices. Below are four key steps a bank or financial institution can take to safeguard their domains and brands from online abuse and fraud:

  • Adopt a defense-in-depth approach for domain management and security

Eliminate third-party risk by assessing your domain registrar’s security, technology, and processes along with your company’s domain name system (DNS) management provider. Be sure to also identify and secure vital domain names, DNS, and digital certificates.

  • Continuously monitor the domain space and key digital channels

Register domains that could be high-value targets related to your brands and make sure you identify domain and DNS spoofing tactics as well. It is also important to identify trademarks and copyright abuse on web content, online marketplaces, social media and apps.

  • Use global enforcement, including takedowns and internet blocking

To reduce the risk to your organization, it is vital to use phishing monitoring and a fraud-blocking network of browsers, partners, ISPs, and security information and event management systems. We also recommend using a range of technical and legal approaches for enforcement including takedowns and worldwide fraud blocking networks to mitigate these online scam sites by having an enforcement provider ‘on standby.’

  • Confirm vendor business practices aren’t contributing to fraud and brand abuse

The following issues are often common with consumer-grade domain registrars:

  • Operating domain marketplaces that drop catch, auction, and sell domain names containing trademarks to the highest bidder
  • Domain name spinning and advocating the registration of domain names containing trademarks
  • Monetizing domain names containing trademarks with pay-per-click sites

The risk of a bank or financial institution not addressing their domain security can be catastrophic. Domains that are not protected pose a significant threat to cybersecurity posture, data protection, consumer safety, intellectual property, supply chains, revenue, and reputation. We can expect awareness of these issues to grow, and for cyber insurance providers to start holding clients accountable for the quality and rigor of their domain defense strategies and approaches.

In today’s world, artificial intelligence (AI) will significantly increase cybercriminals’ skillsets when launching attacks so defense tools need to be as smart as the technologies used by bad actors. With innovations such as ChatGPT, the best course of action to protect banks and financial institutions is to continue to elevate the awareness of these threats and share best practices, so that organizations can improve their domain security posture and safeguard their domains and brands from online abuse and fraud.

Global Banking & Finance Review


Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!

By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post