
Why Domain Security Is the Blind Spot Putting Enterprises at Risk: CSC’s Mark Flegg on Fixing a Broken System


Mark Flegg

In a digital landscape increasingly shaped by AI-driven threats and fragmented oversight, domain security has become a critical yet often overlooked pillar of enterprise defense. Mark Flegg, Global Director of Security Services at CSC, sits down with us to unpack why confidence among CISOs remains so low and what structural shifts are needed to protect organizations from escalating domain-based attacks. From AI arms races to registrar trust issues, Flegg offers a clear-eyed view into what’s broken—and how to fix it.

With only 7% of CISOs expressing full confidence in their ability to combat domain-based attacks, what are the key barriers preventing organizations from building that confidence and how do you propose overcoming them?

One major barrier is fragmented ownership. Domain security is often managed outside the CISO’s team, handled by legal, marketing, or IT, which creates blind spots. Another issue is budget. Domains are still viewed as a commodity rather than critical infrastructure, leading to underinvestment. There are also tooling gaps. Many companies rely on Domain Name System (DNS) providers but lack full-stack visibility or enterprise-grade controls. Lastly, registrar trust is low: 99% of CISOs are concerned their registrar may not follow Know Your Customer (KYC) policies.

 

To close the gap, organizations must reframe domains as a core part of their cyber posture by allocating appropriate resources, centralizing governance, and choosing enterprise-class registrars with security-first policies. Cross-functional alignment and stronger tooling are essential to rebuilding confidence.

 

AI-powered domain generation algorithms (DGAs) are now seen as a direct threat by 87% of CISOs. How do you see the arms race between AI-driven attacks and AI-driven defenses evolving over the next three years?

We’re entering a high-velocity escalation. Threat actors are using AI to automate domain spoofing and deepfakes at scale. Meanwhile, defenders are deploying AI to detect anomalies and automate takedowns.

 

Over time, we expect enterprises to embrace AI defensively, but the winners will be those who pair it with human oversight and strong digital hygiene (strict access controls, domain monitoring, DNS protections). It’s also about implementing clear domain acquisition and retention policies, as owning the right domains in the first place can reduce risk exposure, no matter how attacks manifest. Maintaining DNS hygiene, retiring unused assets, and closely monitoring domain activity are just as critical as deploying new AI tools. The organizations that succeed will combine intelligent automation with smart policy and infrastructure discipline.

 

Given the increased use of off-the-shelf AI attack kits, what role should regulation or government-led standards play in limiting the proliferation of these tools, or is this a responsibility that rests solely on the private sector?

Regulation can play a meaningful role, such as enforcing responsible AI use and requiring platforms to monitor or restrict access to high-risk AI tools. But since attackers often operate across jurisdictions, the private sector must also take the lead.

 

That includes developing clear AI governance policies, investing in employee training and awareness, and working with trusted providers to detect and respond to threats quickly. Education helps reduce human error while policy closes technical and procedural gaps. When organizations proactively shut as many doors as possible, they make it harder for bad actors to gain a foothold or cause meaningful impact. The most effective approach will combine regulatory oversight with internal accountability and cross-functional readiness.

 

Cybersquatting and subdomain hijacking are rising in both volume and sophistication. Are current brand protection and domain monitoring strategies keeping pace with these threats, or is a major industry-wide shift needed?

Current strategies are not keeping pace. Attackers are moving faster—registering lookalike domains in seconds, exploiting dangling DNS, and hijacking forgotten subdomains. The rise of cloud outsourcing has made this worse, as recycled hostnames can unintentionally expose digital assets. Yet many companies rely on manual monitoring or periodic reviews, which are no longer sufficient.

 

The industry needs to shift to proactive, keyword-based domain monitoring with real-time alerts, automated enforcement options, and stronger registrar policies. Subdomain monitoring is especially critical now—a new service for a new threat—as organizations expand their digital footprints across third-party platforms. In short, brand protection must evolve, with a level of investment that matches the threat.
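
The dangling-DNS and forgotten-subdomain risk described above, as an added example that is not part of the interview or CSC's tooling: a small audit that reads a zone export and flags CNAME records whose target no longer exists. The zone `example.com.`, the provider hostnames and the resolver snapshot are constructed for illustration.

```python
import socket

ORIGIN = "example.com."  # hypothetical zone; all data below is constructed
ZONE_EXPORT = """\
www     300 IN CNAME example-prod.cdn-provider.example.
shop    300 IN CNAME old-store.hosting-provider.example.
promo   300 IN CNAME campaign.example.com.
docs    300 IN CNAME docs-site.hosting-provider.example.
mail    300 IN A     192.0.2.25
"""
LIVE_TARGETS = {"example-prod.cdn-provider.example."}  # constructed resolver snapshot

def parse_zone(text, origin=ORIGIN):
    """Return (owner, rtype, rdata) tuples with owner names made absolute."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        if not owner.endswith("."):
            owner = f"{owner}.{origin}"
        records.append((owner.lower(), rtype.upper(), rdata.strip().lower()))
    return records

def system_resolves(name):
    """Live check: True if the name currently resolves to an address."""
    try:
        socket.getaddrinfo(name.rstrip("."), None)
        return True
    except socket.gaierror:
        return False

def find_dangling(records, resolves=system_resolves, origin=ORIGIN):
    """Flag CNAMEs whose target is gone: 'internal' if the target is in our
    own zone, 'third-party' if it is a provider hostname that no longer resolves."""
    owners = {owner for owner, _, _ in records}
    findings = []
    for owner, rtype, target in records:
        if rtype != "CNAME":
            continue
        if target.endswith("." + origin):
            if target not in owners:
                findings.append((owner, target, "internal"))
        elif not resolves(target):
            findings.append((owner, target, "third-party"))
    return findings

def audit_sample():
    return find_dangling(parse_zone(ZONE_EXPORT), resolves=lambda n: n in LIVE_TARGETS)
```

A target that still resolves can also be unclaimed at the provider, so a clean result from this check is necessary but not sufficient.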

 

Despite the rising risks, only 22% of CISOs feel they have the right tools in place. What specific capabilities or technologies are most urgently missing from enterprise security stacks when it comes to DNS and domain protection?

Many enterprises lack integrated domain security tools that provide real-time visibility across their DNS infrastructure. Urgently needed capabilities include:

  • Automated domain monitoring to detect impersonation and malicious registrations

  • Registry lock and DNSSEC to prevent unauthorized changes

  • Enterprise-class registrar services with KYC enforcement and role-based access controls

  • Centralized visibility and control across global domain portfolios

 

While these are critical safeguards, budget remains a major barrier. Domain security is often seen as a low-priority line item, yet the cost of deploying these protections is often negligible compared to broader cybersecurity investments. Business leaders still face internal pushback, which points to a need for board-level education.

 

Domain security shouldn’t be viewed as insurance—it’s intelligence infrastructure. Not knowing is no longer an excuse. With growing threats and increased regulatory scrutiny, protecting DNS and domains must move from optional to essential.

