"I don't dare think what 2020 would have been like without the internet"

How do you look back on 2020?

"It was an exceptional year, to say the least. The coronavirus caused a global crisis that had – and continues to have – far-reaching consequences for everyone. Entire sectors of the economy were pretty much brought to a halt and many companies and self-employed people are facing serious difficulties, despite all the support measures. There were challenges for us here at SIDN too. Nevertheless, the lockdowns and the hyper-digitisation that followed led to a sharp upturn in new domain name registrations. The year ended with nearly a million new names; 995,000, to be precise. Cancellations didn't increase at the same pace, and a very large number of unused domain names were dusted off and put to work. The .nl domain also grew relative to other TLDs: with more focus on local activities, the brand preference for .nl increased from 70 per cent to about 80 per cent. Figures like that would normally be a cause for celebration. But, because of the background, I have somewhat mixed emotions. Nevertheless, our growth illustrates how .nl domain names and the internet in general have been delivering solutions to many of the challenges we've faced in our professional and private lives. Looking back, it's very clear that the internet became more important than ever last year. I don't dare think what 2020 would have been like without the internet."

And .nl passed another milestone?

"Yes, in June we reached six million registered domain names. Back in January, we hadn't expected to get there at all in 2020, never mind get there by the middle of the year. And the growth continued after the summer, so we ended the year with 6,112,300 domain names, about 150,000 more than forecast. Most of the growth was realised by the biggest hundred of our 1,100 registrars. Smaller players actually saw the registration volume contract, because they tend to concentrate on other activities and often act as resellers for bigger service providers. Over the last twelve months, we've seen a lot of acquisition and merger activity in the registrar sector. As a result, some Dutch registrars are now significant international players."

How does SIDN plan to build on its success in 2021?

"Our main aim is to promote awareness amongst people starting new online businesses: what's the best way to generate income with a .nl domain name and website? We see that as important because the lockdowns have prompted a lot of people to turn to the internet, but many don't actually know how to go about things, or how to do well on line. So, in 2021, we want to work with registrars to inspire businesspeople to be even more successful online. Last year, for example, we ran a series of articles on our website, telling the stories of people who had set up online businesses. The idea being to inspire others. Another big theme for 2021 will be security awareness."

Yes, because cybercrime was booming as well in 2020. What have you been doing to make the Dutch internet safer?

"We're constantly working to make the internet more secure. There are various things we do. Along with our registrars, last year we managed to get the average lifespan of a malicious .nl website down from thirty-one hours to twenty-two. That's more than 25 per cent. And it means that the .nl domain is even less attractive to scammers. Then there's SIDN BrandGuard, which we launched a few years ago. It enables larger organisations to stop people abusing their brands with lookalike domain names. Demand for the service grew significantly in 2020, mainly because of organisations being targeted by crooks trying to use their brands for scams. E-mail address spoofing for CEO fraud or BEC fraud stood out as a growing problem. Fortunately, there are several DNS-based standards for making that kind of thing harder, such as DKIM and DMARC. So we incentivise the use of those standards through a scheme called the Registrar Scorecard. In 2019 and 2020, we increased the incentives we pay to registrars that adopt e-mail security standards.

And SIDN Labs has been looking at the standards for some years. They've done groundbreaking research into fake webshops, phishing scams and DDoS attacks, for example. The knowledge generated is put to effective use by working with external partners."

What about the year ahead?

"We'll continue investing heavily in cybersecurity. One thing we'll be doing is extending SIDN BrandGuard to include content-scanning of suspect sites, so that we can say even sooner whether a site really is malicious. The goal being to cut the lifespan of phishing sites in the .nl domain even more. Meanwhile, the SIDN Labs team is looking further ahead. They want to secure the DNS against attacks that use quantum computers. Because, in a few years, we're likely to see quantum computers capable of mounting attacks that existing protection measures can't prevent. If we don't want to get caught out, we need to start thinking now about how we can protect our infrastructure against these future threats."

So you see the internet becoming more secure here in the Netherlands?

"Generally speaking, yes. Although there are of course trends that we can't influence much. Increasingly, cybercriminals are changing tactics to slip under the radar. For example, although the number of phishing sites in the .nl domain is down, the volume of phishing mail is up. Ransomware is another big source of concern. A company that fails to apply a patch or doesn't update its software can easily find itself in big trouble. Even if you're on top of that, all it takes is one employee clicking a dodgy link. So raising awareness is very important, because we don't see those threats receding any time soon."

How are organisations responding?

"We anticipate that the threat of cybercrime will drive innovation in the field of data policy. More and more technologies are coming on line, which mean that organisations don't keep data locally. Instead, it's shared with the organisation on request. The IRMA digital identity solution, which we support, is a good example. With IRMA, the data subject decides what personal data they want to share with which service providers. Similar schemes have been around for a while, but their adoption is becoming more attractive as the threats posed by hacking, data breaches and ransomware increase. After all, you can't lose data you don't have.

Finally, how do you envisage the online economy performing in 2021?

"That's hard to say. It's inevitable that the wider economy will see a downturn, with some businesses sadly going under. Which obviously isn't good news for our industry. On the other hand, the structural trend towards digitisation will only gather pace. The question for our sector is, to what extent will that trend offset the general downturn? And how quickly will the economy pick up again once pandemic-related restrictions are lifted?

I'm confident that there will be plenty of opportunities for people doing business online. Firms offering their services independently, without using platforms, are increasingly common. Cutting out the middleman means healthier margins and more independence. And everyone's getting used to accessing services online, as well as offline. I say, 'as well' because I hope and expect that, when we're finally through this crisis, we won't go back to living exactly how we used to, but that we'll end up with more 'hybrid' solutions. Like dividing our working time between the office, home and other locations. For instance, where practical, certain care services and educational courses might have a combination of online and offline elements. Or you could have courses and symposiums where people can attend entirely or partly on a remote basis. Or restaurants that offer both table service and takeaway or delivery services."