2025年首席信息安全官展望：AI与监管趋严背景下的域名威胁应对

Navigating evolving domain-based threatsin an era of AI and tightening regulation Driven in part by the rapid rise of artificialintelligence (AI), the variety and intensityof cybersecurity threats to organizationscontinue to expand. Today’s bad actors have access to increasinglysophisticated methods—including deepfakes anddomain generation algorithms (DGAs)—posing agrowing challenge for businesses to anticipate anddefend against. At the same time, chief informationsecurity officers (CISOs) and their teams mustcontinue to guard against more established securitythreats such as distributed denial of service (DDoS)attacks. Such incidents still put companies at risk,despite measures and efforts over the years to curbtheir impact. In Q1 2025, CSC commissioned independentresearch among CISOs, chief information officers(CIOs), and other senior IT professionals tounderstand more about their current concerns. We setout to understand evolving cyber threats, the currentstate of IT security budgets, how cybersecurityprofessionals are coping with tightening and evolvinglevels of regulation, and how teams are using securitypolicies and technology to keep organizations safe. Our study found almost three quarters (70%) ofrespondents believe that security threats will increasein the year ahead; almost all (98%) predict anincrease in the next three years. Almost nine in 10(87%) believe that DGAs powered by AI pose a threat. There’s no doubt that CISOs will continue to be challengedby security threats. Our job is to keep developing betterways to control both residual risks and newer threat vectors. OUR EXPERTS Mark EgglestonCSC Chief InformationSecurity Officer Ihab ShraimChief Technology Officer,CSC’s Digital BrandServices Nina HrichakVice President ofEMEA AccountManagement, CSC'sDigital Brand Services Mark FleggSenior Director of Technology, Security Products andServices, CSC's DigitalBrand Services What CISOs are saying: A snapshot We surveyed 300 CISOs, CIOs, and heads of IT in Q12025 and found that cybersecurity threats are materialrisks that are becoming more challenging. 70% 67% of respondents saidcybersecurity threatswere either critical orsignificant in 2024. expect an increase inthreats in 2025. Domain and DNS threatswill dominate the threat landscape The top three security threats in 2024 were cited as: 4.Ransomware and malware5.Social media cyber attacksand defamation6.Phishing and socialengineering7.Other Domain and domainname system (DNS)hijacking DDoS attacks Cybersquatting The top three expected threats over the next three years are: 4.DDoS attacks5.Social media cyber attacksand defamation6.Phishing and socialengineering7.Other Domain andDNS hijacking Ransomwareand malware Cybersquatting The adoption of outsourcing servicesfor cybersecurity is widespread butinconsistent AI will have a significant impact oncybersecurity Almost nine in 10 (87%) believe that DGAs powered byAI pose a threat. Almost half our respondents said they mainlyuse in-house systems, processes, and staff, butoutsource to specialists to a limited degree. Just under a fifth (18%) in-source exclusively. The vast majority (97%) said they’re concernedabout giving AI-based third-party systems access tocompany data. Almost a third (30%) outsource to specialists butalso use in-house resources. Cyber threats areevolving—and onlygetting more complex CISOs face a rising tide ofever-more sophisticatedcyber threats. Worse, theypredict the level of securitychallenges they face is onlyset to intensify. Neither critical norinsignificant30% Almost one in 10 (9%) of our respondents saidthe risks presented by cybersecurity threatswere “critical” in 2024. Three fifths (58%) ratedthem as significant, meaning that two thirds(67%) thought risks were material. A further30% said that risks were neither critical norinsignificant. “CISOs have needed to deal with hugeperiods of transition, so it’s understandablethey feel the risks are so serious,” saysMark Flegg, senior director of Technology,Security Products and Services, CSC'sDigital Brand Services. “As organizations began moving core systems away from in-house,on-premise infrastructure to the cloud, they opened up their ITenvironments to new threats. A perfect example is subdomainhijacking, or subdomain takeover, which wasn’t as much of aconcern 20 years ago—when firms ran their own data centers andrarely handed over IP address space or DNS control to third parties.Now IT systems are more easily penetrated, and we have bad actorslooking for any opportunity to find gaps in the armor.” The risks presented by cyber threatswill worsen in the months andyears ahead, said our respondents.Almost three quarters (70%) expectan increase in 2025, with 5% sayingthe rise will be “significant;” 98%expect an increase over the nextthree years, with two thirds (66%)saying this will also be significant. “What we’re seeingis that attacks suchas ransomware don’thappen in isolation,and that bad