4 Cybersecurity Lessons From An Internet Transparency Entrepreneur WhoisXML API CEO Jonathan Zhang shares some critical lessons from his over-a-decade-long journey toward greater cybersecurity transparency for all businesses

The threat of cyberattacks is among the most pressing concerns entrepreneurs face in this digital age. Aside from unquantifiable reputational damage, businesses that suffer from cybercrime can lose significant amounts. According to IBM's recent Cost of a Data Breach Report, companies can lose an average of $4.24 million from a data breach incident, with the cost of stolen personally identifiable information, or PII, pegged at $180 per record.

Therefore, insights related to cybersecurity are pretty valuable and can help avoid costly mistakes. We gleaned guidance from Jonathan Zhang, CEO and founder of a domain and DNS intelligence company that aims to make the Internet a safer place through transparency.

Here are four cybersecurity lessons we can learn from Zhang's journey.

Lesson #1: Global events impact the cyber threat landscape.

Threat actors often craft malicious campaigns around newsworthy events, primarily to take advantage of people's interest in the matter. These campaigns lead to various forms of DNS abuse, such as phishing, spamming, malware attacks, and botnet activities.

While the correlation between global events and cyber threats has been evident in recent years, Zhang pointed out several examples that reveal how we can obtain clues about event-triggered threats from domain data. For instance, his company's collaboration with Bloomberg uncovered a spike in coronavirus-themed domain registrations shortly before the pandemic was declared. From less than 20 domains in December 2019, the registration volume went up to more than 50,000 by March the following year.

A similar trend was observed when the Sputnik vaccine was released in August 2020, followed by various vaccination campaigns in several countries beginning in December that same year.

But world-changing events are not the only ones that follow such trends. Seasonal events like Valentine's Day, the tax season, Black Friday, and the Oscars also drive up the registration of domains that can serve as vehicles for DNS abuse.

At present, law enforcement agencies are doing their best to detect global event-themed malicious campaigns and warn the general public about them. Other organizations, such as the Internet Corporation for Assigned Names and Numbers or the ICANN, registrars, registries, and government agencies, are also taking steps to help reduce DNS abuse.

Lesson #2: Threat actors exploit any gap, no matter how small.

Businesses working on their cybersecurity posture know that attack surfaces are getting wider. But what exactly contributes to that? While there are several vectors that play a part in the growth of attack surfaces, Zhang's access to domain data reveals that domain names are a significant contributor.

Domain names, in particular, and the DNS, in general, can widen attack surfaces. Imagine a company with several web pages, each with its own subdomains and DNS instances. When the company decides to de-provision the subdomain, relevant DNS records are often left as is. These dangling DNS records make the company vulnerable to subdomain takeovers, allowing threat actors to read cookies, obtain login credentials, or show malicious content to users.

It's also essential to have a centralized record of all domains an organization owns in case of employee turnover, mergers and acquisitions or M&As, and other significant business movements. Otherwise, threat actors can swoop right in and hijack the domains.

These are relatively small gaps that companies often overlook, but they are exploitable vulnerabilities.

Lesson #3: Watch out for people abusing your domain name.

It only takes a few minutes to register a domain name. And with registrars offering bulk registrations, anyone can easily register hundreds of domains. No checks are performed to see if the strings used in the domains are trademarked or owned by other entities. As such, cybersquatting and typo-squatting domains abound.

Many will argue that imitation is the highest form of flattery, but not when you're trying to keep your business afloat. Even large companies in different sectors protect their brands from domain name abuse through defensive domain registration and domain name management. For instance, NFT companies were recently seen registering hundreds of look-alike domains. These organizations know that threat actors can use cybersquatting domains in malicious activities like phishing, fraud, and scams.

Cybersquatting domains can also serve as vehicles for counterfeiting, which has become a massive challenge for brands in specific industries, including fashion, pharmaceuticals, and electronics. While counterfeiters are not out to steal sensitive information, they sell fake products that can ultimately damage the imitated brand's reputation.

Lesson #4: Don't underestimate the power of domain intelligence.

Zhang's experience in domain intelligence and cybersecurity led him to become aware that domain data is a significant source of risk indicators. And with the ever-evolving threat landscape, entrepreneurs need all the clues they can get to help protect their businesses.

Risk signals can take the form of event-triggered domain registrations, dangling DNS records, vulnerable domains and subdomains, or cybersquatting domains. Regardless of kind, all of them have to be treated as threats or vulnerabilities that malicious actors can mobilize or exploit anytime. They can become channels of botnet-related, phishing, counterfeiting, misinformation, scam, and fraud campaigns and other cyberattacks that can bring businesses down.