Your Digital Storefront: Protecting Your Domain Name and Choosing the Right Registrar
Join Joëlle Samaké and Arnaud Wittersheim from Nameshield as they look at the pivotal role of domain names and registrars in protecting your brand and online presence against emerging threats.
In today's interconnected global landscape, a domain name serves as a digital storefront for a company, providing customers with a first impression of the brand. While it can be a powerful tool for enhancing brand visibility and communication, it also possesses the potential to be manipulated by malicious parties for fraudulent activities. Our recent presentation at the 2024 CSA Summit delved into the critical role of domain names in fostering trust in electronic communication. We highlighted how these digital identifiers are fundamental for establishing a strong brand presence and facilitating effective communication with customers in the digital realm. They are also a favored target for cybercriminals.
The ENISA threat landscape
The European Union Agency for Cybersecurity (ENISA) identifies eight main types of cyber threats in its annual ENISA Threat Landscape (ETL) report.
Figure 1: ENISA Threat Landscape 2022 - Prime threats (Source: ENISA Threat Landscape 2023)
1. Ransomware (31%)
Ransomware involves hackers seizing control of someone’s data and demanding a ransom to restore access. Shockingly, almost 60 percent of targeted companies or organizations pay the ransom. In 2022, almost 60 organizations in Germany were attacked, leading to significant revenue loss and high costs due to downtime and disrupted work.
2. Threats against availability - DDoS attacks (22%)
DDoS attacks are malicious attempts to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure.
3. Threats against data (20%)
Cybercriminals launch these cyber-attacks with the goal of gaining unauthorized access and releasing sensitive, confidential, or protected data.
4. Malware (9%)
Malware refers to software that harms a system, including viruses, worms, trojan horses, and spyware. According to Unicef, there were more attacks in 2022 than in the previous six years.
5. Social engineering threats (8%)
Social engineering threats exploit human error to gain access to information or services, including phishing, whaling, smishing, and vishing.
6. Information manipulation (5%)
This includes deepfakes and disinformation-as-a-service.
7. Threats against the availability of the Internet (3%)
These involve disruptions of the Internet or electronic communications that result in outages, blackouts, shutdowns, or censorship.
8. Supply chain threats (2%)
Supply chain threats target the relationship between organizations and their suppliers and can involve a combination of at least two attacks.
The legal framework: New EU regulations in 2024 and 2025
Not only do companies have to prepare for and deal with cyber threats on an ongoing basis, but there are also numerous new cybersecurity requirements in the pipeline that need to be considered and implemented soon. Starting in 2024, the EU is introducing a series of new or updated regulations on online security:
- October 2024: Network and Information Security Directive (NIS2)
- January 2025: Digital Operational Resilience Act (DORA)
- August 2025: Radio Equipment Directive (RED)
- Mid-2026: AI Act
In order to safeguard your own digital infrastructure and protect your brand and its effectiveness online, you need to adapt to both the cyber threat landscape and the changing regulatory framework. The key to protecting your brand online is your domain name.
What is a domain name?
A domain name is the address of your website, like "wikipedia.org." DNS (Domain Name System) servers play a crucial role in translating domain names into IP addresses, which are like online addresses. Wikipedia.org’s IP address is 192.168.1.160. Think of the DNS as a giant online address book. It helps users store, differentiate, and transmit data to the right target. This system also ensures the stability of online communities. Everything online is related to the DNS, making it a very important concept to understand. Our colleague, Christophe Gérard, Nameshield’s Chief Product Officer, gives a good introduction to the DNS in Navigating the Digital Landscape: DNS Security in the Modern Age of Cyber Threats.
How are domain names managed?
The Domain Name System (DNS) is overseen by the Internet Corporation for Assigned Names and Numbers (ICANN). Registries manage DNS extensions, like DENIC for .de, EURid for .eu, and Verisign for .com. Registrars, which are accredited organizations, handle domain name registrations. Registrants are the owners of domain names, while resellers act as representatives of registrars and sell domains.
The Domain Name System (DNS) serves as the entry point to all of your online assets, including your websites, emails, apps, VPN, SSO, and other key services. It's essential to have a good strategy for managing domains internally to minimize the risk of administrative errors and technical threats such as hijacking, email spoofing, and domain misuse. The unavailability of strategic domains can lead to serious consequences for the entire company, including loss of data, financial loss, bad brand image, loss of customers, and impact on teleworking. Additionally, understanding the measures and regulations related to domain disputes and subsidiary operations is crucial for effective domain management.
By choosing a secure and reliable registrar, you can reduce the risks associated with domain management, protect against external and internal threats, and ensure the security of your strategic domain names.
The two types of registrar: public and corporate
There are two types of registrars: public registrars and corporate registrars. Public registrars provide basic packages that include domain names, emails, hosting, and web services at an attractive price. However, these packages do not come with dedicated support, remediation, or cost infrastructure independence. These all-in-one packages are what we would call public registrar services, and they are more suited for individuals and small businesses.
Large companies face different challenges than individuals or small and medium businesses. They have strong brands, significant cash flow, and other unique needs. They also need advice on governance and cybersecurity expenses due to the evolving and increasingly sophisticated threats. Additionally, the legislative and regulatory context in which they operate is constantly evolving. Corporate registrars offer advanced customized services for larger businesses and brand owners to manage and protect digital assets. These services include robust DNS, data governance, and cybersecurity expertise.
Corporate registrars differentiate themselves through a variety of advanced services aimed at minimizing risks and enhancing security. These include comprehensive monitoring and education programs, stringent 'Know Your Customer' processes, and the management of registration legitimacy. Such measures not only ensure the security of the registration process but also enhance the reputation and trustworthiness of the domains managed. Many corporate registrars also offer specialized services like reputation management, assistance in recovery from security breaches, and proactive monitoring of DNS activity to identify and alert customers to unusual patterns that could indicate security threats. They also advise on naming strategies and balancing promotional needs with defensive measures to protect against cyber threats.
Selecting a registrar
Choosing the right registrar ensures the security of your domains and the resilience of your online presence against various risks. When selecting a registrar, it's essential to assess various criteria to ensure that your choice minimizes both administrative and technical risks.
Firstly, ensure that the registrar has necessary certifications such as ICANN accreditation, ISO norms, etc. They should provide regular security monitoring, undergo ongoing cybersecurity training for both staff and clients, and support process automation. It's also crucial that they have a strong understanding of their customers, boast a robust Anycast network with DNSSEC, and implement registry and registrar locks for added security.
To limit administrative risks, verify the availability of registry lock and evaluate the registrar's expertise, references, reputation, and financial solidity. Ensure secure access to the domain management platform through multi-factor authentication (MFA), IP filtering, and single sign-on (SSO) capabilities.
Mitigating technical risks involves selecting a registrar with a dual Anycast network, DDoS protection, DNSSEC, and permanent infrastructure monitoring, including an on-call team. Continuous analysis of DNS traffic, connection analysis to the management platform with log archiving, zone configuration analysis for RFC compliance and optimization, an effective alert system, and incident reporting are additional measures.
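One way to check the registrar lock, registry lock, and DNSSEC criteria above for a domain you own, as an added example (not code from the article or from Nameshield): it reads the `status` and `secureDNS` fields of an RDAP domain record. The record, the name `brand-example.test`, and the policy that all three prohibitions must be present for a lock to count are constructed assumptions.

```python
# Added example: audit a domain's RDAP record for lock and DNSSEC posture.
# SAMPLE_RDAP is constructed for illustration; it is not a real registry response.
import json

# RDAP status strings (RFC 8056 mapping of the EPP client*/server* status codes).
# Assumed policy: a lock only counts when all three prohibitions are set.
REGISTRAR_LOCK = {"client transfer prohibited", "client update prohibited",
                  "client delete prohibited"}
REGISTRY_LOCK = {"server transfer prohibited", "server update prohibited",
                 "server delete prohibited"}

SAMPLE_RDAP = json.loads("""
{
  "objectClassName": "domain",
  "ldhName": "brand-example.test",
  "status": ["client transfer prohibited", "client update prohibited",
             "client delete prohibited", "server transfer prohibited"],
  "secureDNS": {"delegationSigned": false}
}
""")

def audit_domain(rdap: dict) -> dict:
    """Return lock and DNSSEC findings for one RDAP domain object."""
    status = {s.lower() for s in rdap.get("status", [])}
    missing_registrar = sorted(REGISTRAR_LOCK - status)
    missing_registry = sorted(REGISTRY_LOCK - status)
    # delegationSigned is true only when DS records exist in the parent zone.
    signed = bool(rdap.get("secureDNS", {}).get("delegationSigned", False))
    findings = []
    if missing_registrar:
        findings.append("registrar lock incomplete: " + ", ".join(missing_registrar))
    if missing_registry:
        findings.append("registry lock incomplete: " + ", ".join(missing_registry))
    if not signed:
        findings.append("DNSSEC: delegation not signed")
    return {"domain": rdap.get("ldhName", "?"),
            "registrar_lock": not missing_registrar,
            "registry_lock": not missing_registry,
            "dnssec": signed,
            "findings": findings}

if __name__ == "__main__":
    report = audit_domain(SAMPLE_RDAP)
    print(report["domain"])
    for finding in report["findings"]:
        print(" -", finding)
```

Run against the RDAP records of every strategic domain in a portfolio, the findings list shows which names still depend on registrar-level locks alone or lack a signed delegation.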
Data protection is another key aspect: ensure the registrar is GDPR compliant, prefers European suppliers to ensure data sovereignty, and maintains a high-security level for its management platform. The registrar's financial health, compliance with local and EU laws, and commitment to social and environmental responsibility are also important factors. A registrar that embraces a cooperative philosophy and actively participates in working groups is more likely to stay abreast of evolving legislation and best practices.
Make the protection of your digital storefront a top priority
In conclusion, as the digital age continues to evolve, the importance of maintaining a secure and identifiable digital presence becomes increasingly paramount. Protecting your domain name is not merely about safeguarding a piece of digital real estate; it's about preserving the integrity, trustworthiness, and visibility of your brand online. With the escalation of cyber threats and the upcoming implementation of new EU regulations, businesses must take proactive steps to enhance their digital resilience. This entails selecting a reputable registrar, understanding the intricacies of the Domain Name System (DNS), and staying ahead of regulatory changes. Remember that your domain name is more than an address - it's a reflection of your brand's identity and a cornerstone of your digital security strategy. Stay informed, stay prepared, and make the protection of your digital storefront a top priority.
Nameshield offers a wide range of customized cybersecurity services to businesses and operates in Europe and North America. Uniquely, it is owned by its employees.
Joëlle Samaké is the Country Coordinator for Germany at Nameshield GmbH. Since 2022, she has been coordinating the activities of Nameshield in Germany. Nameshield is a European registrar that provides domain security and related services such as DNS premium, DMARC, domain monitoring, and enforcement. She brings 15 years of prior experience as a project manager for brands and domains at a large German retail and services group to her role at Nameshield. She is very interested in the NIS2 being applied in a harmonized way across European countries and is committed to customer proximity and providing secure environments for strategic domains and big brands online.
She advocates that companies should have a domain strategy, implement a strong plan for strategic domains, and set up regular exchanges between the marketing, legal, and IT departments.
Arnaud Wittersheim is the New gTLDs and Compliance Project Manager and Product Owner Domain Names at Nameshield SAS. Arnaud is currently managing new gTLD projects, particularly .BRAND, for companies and other operational projects. Additionally, he is responsible for regulatory and contractual compliance. He started his career in the start-up world and then specialized in DNS and online asset protection services, holding commercial, technical, and managerial positions within three registrars. He has been with Nameshield since 2014 and actively participates in working groups on Internet governance and naming policies and has been a member of registry boards. He advocates that companies should consider the criticality of their domain names and DNS in terms of cybersecurity and sovereignty, the opportunity of having their own namespace, a .BRAND, and the benefits of working with a recognized corporate registrar that can adapt to their specific needs and organization.
Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s or interview partner’s own and do not necessarily reflect the view of the publisher, eco – Association of the Internet Industry.