Open to attack: why poor domain management poses a growing threat to IP


Stu Homan


Robust domain protection should be an essential part of any international organisation’s day-to-day operations, says Stu Homan of MarkMonitor.

Global brand research shows organisations are risking IP and online identity through siloed domain security. At the same time, Brexit and legislative changes such as the EU General Data Protection Regulation (GDPR) are making proactive brand protection more complex.

While no organisation is immune to online threats, the high-profile nature of global brands puts them among the most at risk when it comes to attacks on IP.

Alongside fines and other financial consequences, the potential impact of such attacks on customer confidence, trust and overall damage to reputation can be long-lasting and hard to quantify. This makes the requirement for robust brand protection an essential part of any international organisation’s day-to-day operations.

The results of a new global report, commissioned by MarkMonitor, a Clarivate Analytics company, demonstrate the scale of the current challenge.

It found that approximately one in four companies (23%) has suffered a domain attack in the previous year.

Almost half (46%) of respondents also reported a rise in brand infringement, while 62% had witnessed the impact of online crime in the last year. This includes growing threats such as phishing (28%) and false association (13%), along with brand/logo confusion (13%), keyword hijacking (13%), traffic diversion (12%), and traffic lost to domain squatted sites (10%).

Regulatory restrictions

Just over a year on from the introduction of GDPR, organisations now face fines of up to €20 million ($22.1 million), or 4% of revenue, for significant data infringements.

Already this has led to high-profile brands including British Airways and Marriott International hitting the headlines and facing substantial financial penalties issued in response to major breaches.

Less well publicised is the fact that, following the introduction of GDPR, domain name registries and registrars now have the option to redact, from public display, registrant contact information from their WHOIS records.


These records are frequently used by security experts, brand protection service providers, law enforcement agencies and IP owners, as well as other parties responsible for tracing and guarding against infringements and criminality.

Added to the other significant work necessary to ensure compliance, it is not surprising that 64% of legal professionals approached for the MarkMonitor research say that GDPR has impacted their domain strategy.

Uncertainty over Brexit outcomes and what they might mean for organisations based in the UK, the EU, and abroad is also adding to the complexity of domain security challenges and the subsequent threat to IP.

One-third of legal professionals report that Brexit has affected their organisation’s domain strategy and 21% say that they have been forced to re-evaluate their entire EU strategy.

Legal responsibility

Despite these mounting challenges, MarkMonitor’s research found that 87% of businesses are still adopting a siloed approach to domain management, using individual departments—including legal—and employees to carry out key tasks.

Yet, in doing so, they reduce their visibility and are potentially adding to the multitude of external threats they now face.

Across organisations, feedback highlighted that responsibility for domain management and security typically falls to just one department or business unit, most commonly IT or IT security (46%), followed by legal (16%) and marketing (13%).

Just 13% of brands worked collaboratively, with responsibility for domain management spanning multiple departments.

Often the sheer size of the domain portfolio makes management a challenging task. Around one quarter (24%) of legal professionals in the survey work in businesses that own more than 100 domains, while 6% have more than 1,000 domains in their organisation—a daunting prospect for those responsible for their management.

The challenge is even greater as the research revealed a widespread siloed approach to domain management, with 41% of legal professionals saying they shouldered the responsibility.

A further 20% revealed that responsibility for this increasingly crucial work sits with just one person.

The research highlighted a lack of visibility at board level, adding to the potential threat to domain security and IP, with more than half (59%) of legal professionals reporting that C-level executives aren’t engaged in domain management.

Almost a quarter (24%) said they don’t view it as a board issue, while 6% revealed they have no idea of the cost to the business.

When it comes to domain security, legal teams believed that responsibility should sit with IT (42%) or the board (25%). More than half (54%) of legal professionals reported that they do not have a dedicated budget for online brand protection.

Working in isolation, with little or no visibility of the wider IP and brand protection strategy and a lack of budget, organisations are hard-pressed to implement a domain management strategy effectively. This is important, as organisations sometimes have thousands of domains and need to identify high-value or dormant domains as part of the process.

Likewise, when an individual holds responsibility for key aspects of domain management, there are likely to be challenges if they leave or switch roles. In addition, there’s the danger of overlooking important notices and missing renewal deadlines, the consequences of which could be disastrous and far-reaching.

Collaborative strategy

Meeting the increasingly essential requirement to protect IP requires a comprehensive strategy that moves beyond dealing with domain renewals in isolation.

Instead, the joined-up approach should be built on the effective management and security of the domain portfolio and encompass all aspects of brand protection, from registering, managing and securing domains, to tackling counterfeiting, piracy, online crime and other forms of brand abuse.

Developing and maintaining this strategy requires recognising the need for dedicated resource and collaboration between departments in the business and, to be truly effective, must be supported at board level.

At a time of complex regulation, political uncertainties and higher volumes of online threats, it’s clear that organisations can no longer afford to ignore the potential consequences of failing to protect IP.

Stu Homan is director of domain management at MarkMonitor. He can be contacted at:


Trademarks and Brands Online