In this ISJ exclusive, Elliot Champion, Global Product Director of Brand Protection and Anti-Fraud, CSC explores domain security and fraud.
Can you tell me about CSC and its journey within the security industry?
CSC was founded in 1899 and it has spent more than a century supporting high-profile organisations and now plays a defined role in the modern security landscape.
Its focus areas include:
- Domain security and management
- Digital brand protection
- Fraud protection
CSC’s DomainSec platform helps enterprises identify cybersecurity oversights and secure online assets and brand reputation to avoid revenue loss.
What are the biggest domain security threats you see emerging for global enterprises today?
Fake domain names are a growing threat, as fraudsters can easily register domains that often serve as the starting point for IP infringement and phishing attacks.
AI-driven impersonation is further accelerating this risk, with attackers using AI to create realistic fake assets, including executive likenesses, to launch fraud campaigns or automate creating fake domains at mass in ways that are fast and low cost.
Crimeware-as-a-Service (CaaS) kits make it easier for bad actors to scale attacks, lowering the technical barriers to entry.
Compounding this, organisations using retail registrars face added exposure because these providers lack the security controls and enforcement capabilities of corporate registrars.
Do you think domain security will soon become a standard part of enterprise cybersecurity and what needs to happen to get there?
Domain security is increasingly recognised as a core element of cybersecurity strategies and making it standard requires organisations to shift from a reactive to a proactive approach.
Enterprises need multi-layered, proactive security postures, supported by greater collaboration between legal, IT, marketing and security teams.
Adoption of corporate registrars like CSC, which offer global enforcement capabilities, is becoming essential, alongside increased outsourcing to specialised providers for monitoring and takedown services to address threats outside the firewall.
This must be reinforced by continuous investment in domain management strategies and robust governance frameworks.
How should security teams rethink their security approach in regards to monitoring and securing online assets as digital footprints expand globally?
Organisations should establish dedicated digital governance groups that bring together legal, IT, marketing and security to oversee brand activity, policy planning and incident response.
They should maintain total visibility into their domain portfolios by protecting core domains and monitoring third-party domain activity – for example, preventing lapsed domains from being picked up by bad actors.
Additionally, using outsourced partners for global monitoring and enforcement can help alleviate pressure on internal legal teams while strengthening overall resilience.
Teams should prioritise risk-based investment and adopt proactive threat-intelligence tools that can identify potential attack domains early
What future trends do you expect in phishing and fraud campaigns, especially as attackers use automation and AI?
The threat landscape is becoming increasingly sophisticated with highly targeted attacks replacing mass phishing and achieving much higher success rates.
AI-generated content – spanning emails, websites and videos – is making fraud significantly harder to detect, while deepfake impersonations of senior executives, especially CEOs, are being used to facilitate financial fraud.
Attackers are also automating domain registration and exploitation through AI and CaaS toolkits, enabling them to scale operations rapidly.
As a result, distinguishing real digital content from fake is becoming progressively more difficult, heightening risks for organisations.
Where do you see AI and machine learning having the biggest impact on domain security in the next three to five years?
Fraudsters are now able to create fake assets – such as logos, websites and videos – at scale and automated phishing campaigns increasingly leverage AI to deliver highly personalised attacks.
In response, enterprises are adopting AI-driven detection tools for proactive monitoring and the swift takedown of fraudulent domains, supported by predictive analytics that help anticipate emerging threats.
These developments underscore the growing need for internal training and comprehensive policy development to mitigate the expanding risks associated with AI-led attacks.
What is the biggest piece of advice you would give to a business looking at securing themselves from things like fraud etc?
Adopting a proactive, multi-layered cybersecurity posture is essential.
This includes securing domain portfolios with a corporate registrar – avoiding retail registrars that lack enforcement capabilities and implementing continuous monitoring and enforcement to identify and mitigate IP and domain misuse.
Organisations should also foster cross-team collaboration between legal, IT, security and marketing through regular meetings and consider outsourcing to trusted partners to ensure global coverage and rapid takedown capabilities.
Staying ahead of AI-driven threats requires ongoing training and strong governance policies.
Ultimately, a proactive posture signals that the organisation values its IP and reputation and that investment pays dividends over time.