SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers
United States
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Ransomware
#
Risk & Compliance
#
AI

CISOs brace for rise in AI-driven cyber attacks & domain threats

Today
Author image
By Catherine Knowles, Journalist

Almost all chief information security officers (CISOs) anticipate an increase in cyber attacks over the coming three years, attributing the escalation to an increasingly complex and artificial intelligence (AI)-driven threat landscape.

Research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC has highlighted significant concerns over cybersquatting, domain-based attacks, and ransomware. The report, entitled "CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation," identifies these as the foremost global cyber threats for 2024, with expectations that such risks will continue to rise as cybercriminals use AI and other advanced technologies for more sophisticated attacks.

Among those surveyed, 98% expect a surge in cyber attacks within three years. A substantial proportion, 87%, identified AI-powered domain generation algorithms (DGAs) as a direct threat. These algorithms allow for the mass production of domains that can be used for malicious purposes, heightening the challenge for security teams.

AI concerns grow

The proliferation of AI-driven threats is not limited to DGAs. The survey found that 97% of respondents have concerns regarding the risks of permitting third-party AI systems to access company data, pointing towards the necessity of stringent governance frameworks for AI implementation in business contexts.

Despite these mounting threats, the confidence among CISOs in their organisations' ability to address domain-based attacks remains low. Only 7% of those questioned expressed that they were "very confident" in their current defensive measures, while a further 22% believe they have suitable tools in place. The lack of confidence has been attributed to gaps in preparedness, with some organisations potentially underestimating both the intricacies of domain security and the pace at which these threats evolve.

Domain security vulnerabilities

The survey underscores persistent vulnerabilities within DNS and domain-related infrastructure, which remain a focal point for cyber attackers seeking to exploit weaknesses and compromise companies' digital assets.

"DNS and domain-related infrastructure are prime targets for cybercriminals," says Ihab Shraim, chief technology officer for CSC's Digital Brand Services division. "These attackers conduct extensive reconnaissance to identify vulnerabilities, hijack subdomains, and impersonate brands at a massive scale. With the growing availability of AI-driven tools and off-the-shelf attack kits, these threats are only going to accelerate. A single DNS compromise can take down email, websites, customer portals, and even phone networks. Companies that don't act quickly may find themselves navigating not just technical fallout, but reputation and regulatory consequences as well."

CISOs regard cybersquatting, domain-based attacks, and ransomware as primary risks looking forward. The concern is justified given the increased use of AI techniques that make attacks more difficult to detect and counteract.

On the human side, the research points out that security vulnerabilities are exacerbated by gaps in internal education and expertise. Security professionals have noted that not every organisation is equipped to monitor domain activity around the clock, making them susceptible to attacks that exploit these security oversights.

"The human element continues to be the biggest security vulnerability," adds Nina Hrichak, vice president of CSC's Digital Brand Services. "As cybercriminals grow more sophisticated, internal education and awareness are falling behind. DNS hijacking and subdomain takeovers have become mainstream concerns, but not every organisation possesses the internal expertise to monitor domain activity in real time. That's where experienced partners can offer vital insights and agility to help organisations stay ahead of the curve."

Global input

The survey, delivered in partnership with Pure Profile, included responses from IT leaders and security professionals in Europe, the United Kingdom, North America, and Asia Pacific. The focus was to understand both current concerns and the approaches being taken to manage evolving cyber risks in the context of new regulations and the rising influence of AI in the cybercrime landscape.

Among the wide range of security issues identified, DNS hijacking and distributed denial-of-service (DDoS) attacks remain significant challenges. The report highlights that a single compromise can disrupt critical business functions, from email systems to customer portals, with the potential for wide-reaching operational, reputational, and regulatory consequences.

The findings suggest that increased investment in security measures, education, and external expertise is likely to play a critical role as organisations across sectors prepare for a wave of new and AI-enhanced cyber threats.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Jamf report finds phishing & infostealers surge on Apple devices
Myriad360 & Cyera launch AI-powered data security tool for AWS
Sumsub adds advanced device intelligence to boost fraud defence
HackerOne launches PartnerOne alliance for AI-driven security
Circumvent raises $6 million to advance proactive AI cloud security
Top stories
Agentic AI adoption in application security sees cautious growth
Shadow AI use surges among cybersecurity teams, heightening risks
Major healthcare providers leave email systems open to phishing risk
Fortinet expands AWS Marketplace suite to boost cloud security
C-suite divisions slow GenAI adoption due to security worries