Latest news with #CISOOutlook2025
Techday NZ
4 days ago
- Business
- Techday NZ
CISOs brace for rise in AI-driven cyber attacks & domain threats
Almost all chief information security officers (CISOs) anticipate an increase in cyber attacks over the coming three years, attributing the escalation to an increasingly complex and artificial intelligence (AI)-driven threat landscape. Research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC has highlighted significant concerns over cybersquatting, domain-based attacks, and ransomware. The report, entitled "CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation," identifies these as the foremost global cyber threats for 2024, with expectations that such risks will continue to rise as cybercriminals use AI and other advanced technologies for more sophisticated attacks. Among those surveyed, 98% expect a surge in cyber attacks within three years. A substantial proportion, 87%, identified AI-powered domain generation algorithms (DGAs) as a direct threat. These algorithms allow for the mass production of domains that can be used for malicious purposes, heightening the challenge for security teams. AI concerns grow The proliferation of AI-driven threats is not limited to DGAs. The survey found that 97% of respondents have concerns regarding the risks of permitting third-party AI systems to access company data, pointing towards the necessity of stringent governance frameworks for AI implementation in business contexts. Despite these mounting threats, the confidence among CISOs in their organisations' ability to address domain-based attacks remains low. Only 7% of those questioned expressed that they were "very confident" in their current defensive measures, while a further 22% believe they have suitable tools in place. The lack of confidence has been attributed to gaps in preparedness, with some organisations potentially underestimating both the intricacies of domain security and the pace at which these threats evolve. Domain security vulnerabilities The survey underscores persistent vulnerabilities within DNS and domain-related infrastructure, which remain a focal point for cyber attackers seeking to exploit weaknesses and compromise companies' digital assets. "DNS and domain-related infrastructure are prime targets for cybercriminals," says Ihab Shraim, chief technology officer for CSC's Digital Brand Services division. "These attackers conduct extensive reconnaissance to identify vulnerabilities, hijack subdomains, and impersonate brands at a massive scale. With the growing availability of AI-driven tools and off-the-shelf attack kits, these threats are only going to accelerate. A single DNS compromise can take down email, websites, customer portals, and even phone networks. Companies that don't act quickly may find themselves navigating not just technical fallout, but reputation and regulatory consequences as well." CISOs regard cybersquatting, domain-based attacks, and ransomware as primary risks looking forward. The concern is justified given the increased use of AI techniques that make attacks more difficult to detect and counteract. On the human side, the research points out that security vulnerabilities are exacerbated by gaps in internal education and expertise. Security professionals have noted that not every organisation is equipped to monitor domain activity around the clock, making them susceptible to attacks that exploit these security oversights. "The human element continues to be the biggest security vulnerability," adds Nina Hrichak, vice president of CSC's Digital Brand Services. "As cybercriminals grow more sophisticated, internal education and awareness are falling behind. DNS hijacking and subdomain takeovers have become mainstream concerns, but not every organisation possesses the internal expertise to monitor domain activity in real time. That's where experienced partners can offer vital insights and agility to help organisations stay ahead of the curve." Global input The survey, delivered in partnership with Pure Profile, included responses from IT leaders and security professionals in Europe, the United Kingdom, North America, and Asia Pacific. The focus was to understand both current concerns and the approaches being taken to manage evolving cyber risks in the context of new regulations and the rising influence of AI in the cybercrime landscape. Among the wide range of security issues identified, DNS hijacking and distributed denial-of-service (DDoS) attacks remain significant challenges. The report highlights that a single compromise can disrupt critical business functions, from email systems to customer portals, with the potential for wide-reaching operational, reputational, and regulatory consequences. The findings suggest that increased investment in security measures, education, and external expertise is likely to play a critical role as organisations across sectors prepare for a wave of new and AI-enhanced cyber threats.
Business Wire
5 days ago
- Business
- Business Wire
New CSC Survey Finds Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years
WILMINGTON, Del.--(BUSINESS WIRE)--An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC 1, the leading provider of enterprise-class domain and domain name system (DNS) security. The report, 'CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation,' names cybersquatting, domain and DNS hijacking, and distributed denial-of-service (DDoS) attacks as the top three global cyber threats in 2024. These risks are only projected to escalate, as cybercriminals leverage new techniques and capabilities from AI and other modern technologies to launch more sophisticated attacks. Looking ahead, cybersquatting, domain-based attacks, and ransomware top the list of cybersecurity concerns for CISOs over the next three years. 'DNS and domain-related infrastructure are prime targets for cybercriminals,' says Ihab Shraim, chief technology officer for CSC's Digital Brand Services division. 'These attackers conduct extensive reconnaissance to identify vulnerabilities, hijack subdomains, and impersonate brands at a massive scale. With the growing availability of AI-driven tools and off-the-shelf attack kits, these threats are only going to accelerate. A single DNS compromise can take down email, websites, customer portals, and even phone networks. Companies that don't act quickly may find themselves navigating not just technical fallout, but reputation and regulatory consequences as well.' AI-powered domain generation algorithms (DGAs) are increasingly worrisome, with 87% of CISOs identifying them as a direct threat. Additionally, 97% of respondents voiced concerns about the potential risks associated with granting third-party AI systems access to company data, underscoring the critical need for robust AI governance frameworks. Despite these escalating concerns, only 7% of CISOs expressed being 'very confident' in their ability to mitigate domain-based attacks, and just 22% believe they have the right tools in place. This lack of confidence may reflect deeper gaps in preparedness, and it's possible that many organizations still underestimate the complexity of domain security and the speed at which threats are evolving. 'The human element continues to be the biggest security vulnerability,' adds Nina Hrichak, vice president of CSC's Digital Brand Services. 'As cybercriminals grow more sophisticated, internal education and awareness are falling behind. DNS hijacking and subdomain takeovers have become mainstream concerns, but not every organization possesses the internal expertise to monitor domain activity in real time. That's where experienced partners can offer vital insights and agility to help organizations stay ahead of the curve.' To receive a copy of CSC's 'CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation,' contact us at CSC@ or visit the website. 1 CSC, in partnership with Pure Profile, surveyed 300 CISOs, CIOs, and senior IT professionals operating in Europe, the U.K., North America, and Asia Pacific to understand their current concerns and how they are navigating the evolving cybersecurity landscape, regulatory demands, and the rise of AI in cybercrime. About CSC CSC is the trusted security and threat intelligence provider of choice for the Forbes Global 2000 and the 100 Best Global Brands (Interbrand®) with focus areas in domain security and management, along with digital brand and fraud protection. As global companies make significant investments in their security posture, our DomainSec℠ platform can help them understand cybersecurity oversights that exist and help them secure their online digital assets and brands. By leveraging CSC's proprietary technology, companies can solidify their security posture to protect against cyber threat vectors targeting their online assets and brand reputation, helping them avoid devastating revenue loss. CSC also provides online brand protection—the combination of online brand monitoring and enforcement activities—with a multidimensional view of various threats outside the firewall targeting specific domains. Fraud protection services that combat phishing in the early stages of attack round out our solutions. Headquartered in Wilmington, Delaware, USA, since 1899, CSC has offices throughout the United States, Canada, Europe, and the Asia-Pacific region. CSC is a global company capable of doing business wherever our clients are—and we accomplish that by employing experts in every business we serve. Visit
