Why Does Brand Protection Need to Change?
Bolster works with some of the biggest brands in the world across multiple industries. Our customer base includes some of the largest companies in the world as well as smaller companies whose brand protection needs are simpler, though not less important. Working with this wide range of companies has provided us amazing insights into what it takes for companies to design and implement a modern brand protection program. Historically the domain of the legal group, a growing trend is for the CISO to be one of the key stakeholders, if not the decision maker, on the design and execution of the brand protection strategy.
Traditionally, brand protection solutions have been people-based because much of the nature of the work. Detection and monitoring is not difficult and can be performed by most people with basic training but requires the gathering and assessment of visual (images, logos), text (language used), and intent (information, commercial, social). Unfortunately, the volume of data today that needs to be processed makes people-based solutions unable scale, and in today’s Internet age, the brand protection problem needs to be solved using technology and not just more people. As an industry, there has been a shift to leveraging software and technology such as AI, computer vision, and natural language processing (NLP), which is one of the reasons CISOs are more involved. These are the same technologies and tools used in cybersecurity that have allowed security teams to address the endlessly growing problem of increased, evolving cyber-attacks, and they have the same potential to revolutionize brand protection with exponentially better outcomes.
Brand Infringement Accuracy
Brand protection encompasses a range of infringements, and the accurate assessment of an infringement determines the enforcement options available. Accuracy requires the processing of both visual and textual data. Computer vision, the same technology used in self-driving cars, and natural language processing helps determine the intent of online content in the same way a human would.
Every day brand infringement occurs, you are losing revenue and damaging customer experience. When it comes to enforcement, speed is a powerful weapon. The faster you can detect and take enforcement action, the less money is made by bad actors, who are then likely to stop targeting your company.
Brand Protection Scale
The Internet is massive and growing every day with websites, social media, marketplaces, and it is always open 24x7x365. Some companies experience thousands of brand infringement incidents, and there is no way to overcome this problem without technology and automation.
Who Needs Brand Protection?
Broadly speaking brand protection is something every company needs. We see most companies looking for brand protection solutions when they have an immediate problem. The problem could be a spike in counterfeit products or even phishing campaigns where bad actors are trying to steal credentials of customers.
More recently, cybersecurity teams are taking notice and looking for brand protection solutions to address business email compromise (BEC) attacks. BEC attacks are those where the criminal poses as an employee of a company to defraud another company that has a business relationship. For example, an attacker may pose as an employee of a supplier and send a fake invoice to a manufacturer. Regardless of which group is responsible, it's best to be proactive rather than reactive when designing a modern brand protection strategy.
Fundamentally, brand protection covers a range of problems that companies face. Some of the more common brand infringement attacks are:
• Counterfeit Products
• Fake Websites
• Phishing Attacks
• Business Email Compromise
• Fraud or Scam Campaigns
• Copyright Infringement
• Typo Squatting
• Social Media Fraud
• Account Takeovers
• Malicious Mobile Apps
The range of problems can be daunting for many people. Though you may only have a counterfeit product issue today, you could start seeing social media posts infringing on your brand tomorrow. The Internet is fast-moving and ever-changing, and a modern brand protection program must be adaptable and future-proof.
Luxury goods are not the only ones facing counterfeit product issues. Some of the most counterfeited products are those designed for the mainstream market. Everybody loves a deal, and a pair of sunglasses that retail for $60 are a great bargain when they are on sale for $19.99 because of excess inventory. Counterfeiting has become even more of an issue with the rise in popularity of digital goods such as non-fungible tokens (NFTs).
Fake or fraudulent websites with malintent are a pervasive problem. These sites are often used to sell counterfeit products or communicate an affiliation with the brand being infringed. Though many use lookalike domains, many are starting to create copycat sites using nonsense URLs to avoid detection.
Cybersecurity teams are particularly interested in phishing attacks since it continues to be the number one threat vector for a company. The actual attack usually relies on a fake website that is designed to fool the user into entering their online credentials or to steal personally identifiable information.
Rather than attack a company directly, criminals are starting to attack a company’s suppliers, vendors, and partners in a type of attack known as business email compromise. In this type of attack, an attacker steals the credentials of Company A. They then use that compromised email account to send emails to a customer with a fake invoice. Another method that is becoming more common is for an attacker to create an email address using a lookalike domain, for example “Conpany A” and using that email address to launch the attack.
Stealing money or credentials or selling counterfeit goods all fall under fraud, and it is oftentimes used as a catchall term. Many brand protection programs define infringement too narrowly and miss acting on fraudulent activity. Brand protection programs should evaluate every brand interaction as a potential infringement target for bad actors.
As digital interactions become increasingly important, copyright infringement is becoming a bigger problem every day. Criminals copy everything from logos, videos, product images, and text to impersonate a brand. Though logos, videos, and photos are more straightforward when identifying infringement, text is more difficult, especially when slight modifications have been made.
There has been an explosion of top level domains (*.com, *.net, *.shop, etc.) in recent years resulting in an increase volume of fake sites being set up on domains that look dangerously close to the legitimate one. Add common extensions such as “-support” or “-login” and you have an exponential increase in the number of variations that can be created from a simple domain. A six-letter domain can result in over 100,000 typo squat domains that can be registered by anyone in the world!
The average person spends two hours per day on social media, and our experience has found that the brand infringement problem on social media is up to 4x worse than on the Internet. Social media platforms are closed systems that require purpose-built technology to monitor. Taking down brand infringing posts or locking accounts are also different for each platform, making detection and enforcement even more difficult.
Criminals seek to take over accounts for illicit activities ranging from straight up theft to impersonation to commit some other fraud campaign. Account takeover attacks are typically perpetrated through phishing emails that direct the victim to a website where they are fooled into entering their credentials.
Mobile phones are now the gateway to a person’s personal, financial, and professional information. Mobile malware is an application that is installed on a mobile device for nefarious purposes. Often promoted as a game, useful utility, or money saver, these apps steal information stored on a mobile device or push obtrusive ads that promote legitimate or sometimes counterfeit or substandard products.
How Do I Build a Modern Brand Protection Program?
Any company with an Internet presence needs to have a brand protection program. The extensiveness and number of use cases covered will vary, however, depending on many factors including industry, revenue, and marketing channels. The key to success in brand protection is consistency and repeatability. In many respects, brand protection is very much like weight loss. The solution is straightforward—eat less and exercise more. The desired outcome of losing weight and keeping it off, at the end, depends on consistency and discipline. No matter what tools, technologies, or size of team consistency and discipline is required for success.
Brand Protection Staff: Analysts, Paralegals, Attorneys, Investigators
Historically, the solution to brand protection has been people. Brand analysts manually search for infringements or investigate reported incidents. Evidence is gathered and documented. Enforcement is then undertaken by paralegals or attorneys. This framework still works when the enforcement involves warehouses of physical goods, but it is outdated and will not work when it comes to the Internet. Hundreds of incidents can occur overnight, and enforcement can span multiple countries. You still need analysts, paralegals, attorneys, and investigators, however, the type of work they do and the speed in which they can deliver results is drastically improved when technology is a foundational part of your program.
Brand Protection Processes: Monitoring, Detection, Reporting, Enforcement
Once your brand protection team is established, a key to success is the operational aspect of the program. The design and implementation of the workflows and processes determine how repeatable and successful your program is in the long run. Reports of brand infringement can come from many sources: customer service, website, social media, employees. Once identified, these incidents need to be investigated and documented if an enforcement action is required. A robust design of the interconnections between groups and handoffs will provide a scalable program that delivers the outcomes desired.
Brand Protection Software and Technology
Brand protection software and technology are critical for modern brand security programs. Every brand infringement problem has an online component for promotion and distribution. Disrupting the supply chain by seizing inventory at a warehouse does have an impact, but this type of enforcement action is slow, time consuming, and expensive, involving lawyers, court filings, and travel across multiple countries.
Digital detection, monitoring, and enforcement must be one of the primary focus areas for any modern brand protection program. Digital enforcement that is fast and efficient disrupts the cash flow of the criminal as much as the warehouse raid, and it can be done in minutes compared to months or years.
Brand protection software and technology can help brand protection teams improve their detection and monitoring. Keywords are often used by criminals to promote their illicit goods, and software that monitors keyword usage can help uncover these sites on the Internet, social media, or marketplaces. There is similar software that helps do the same thing for images.
The problem of brand protection software that does not leverage AI is false positives—a result that incorrectly indicates a brand infringement has occurred. Industry-leading AI (https://bolster.ai/technology) combines visual (logos and images) and textual context to make a brand infringement verdict. This is the most accurate and only way that brand protection software can identify brand infringement while minimizing false positives.
Cybersecurity and Brand Protection Collaboration
Brand protection has many parallels to cybersecurity, and many of the use cases overlap with the work that occurs in security operation centers. Typosquat domains used for phishing attacks are an infosec problem just as much as a brand protection problem. Brand protection enforcement of taking down a site is a much more definitive method of eliminating a phishing site than the traditional infosec approach of blocking access to the site for employees. Taking down the site protects not just the employees but also a company’s customers, partners, and supply chain.
However, identifying, monitoring, and leveraging AI to find threats is relatively new in brand protection and much more widely adopted in cyber security. Brand protection and cyber security have a huge opportunity to leverage the skills from the two different functions, and modern brand protection programs includes close collaboration between the groups.
What to Look for in Brand Protection Service Providers
Modern programs require a service provider who has developed purpose-built brand protection software to help companies address the problem. The best brand protection service providers are more technology companies than service companies. Brand protection service providers who solve the problem with lower cost labor are living in the past and will not keep up with the ever-changing threat landscape. Companies who do not have a technology solution reveal themselves by pricing their services based on hours or volumes, e.g., takedowns, incidents, etc.
Image and Keyword Detection
Brand infringement can occur on the Internet in many places. Beyond just websites, social media platforms, and marketplaces have emerged as hotbeds for brand infringement. Social media is a criminal’s dream because profiles are free, and they can target their victims with precision—just like legitimate businesses. Brand protection services must use a combination of image and keyword detection to understand the intent of a site, social media post, or marketplace listing. Otherwise, you will be wading through an endless volume of false positives.
Brand Infringement Analysis or Triage
Once a potential brand infringement incident is detected, it must be analyzed to verify that it is not a false positive. For online incidents, many incidents are straightforward, though unfortunately these tend to be the highest volume. For example, a password reset page hosted on a typosquat URL does not take much analysis. The time-consuming part is the gathering of the telemetry and documenting the evidence to undertake an enforcement action.
Enforcement and Monitoring
Once a brand infringement incident has been verified, there are usually multiple options for enforcement. The desired outcome is to remove the infringing content from the Internet, social media platform, or marketplace. Beyond that, you can also try to take over the domain or freeze accounts. The problem is that the criminal will just do it again with a different domain or account. We have found that criminals are very practical, and if you make it inconvenient enough for them, they will eventually move on. This means that detection and enforcement with post-enforcement monitoring to ensure it does not come back up is the best weapon to deter criminals from infringing your brand.
Alerting and Reporting
Very similar to cybersecurity, brand protection is global and constant. Counterfeit products, credential theft, and monetary scams occur 24 hours a day 7 days per week. As a result, modern brand protection programs are also operating around the clock, and this is achieved by leveraging automation and technologies such as AI and natural language processing. This requires a robust, intuitive alerting and reporting capability so that the program owner can understand the issues and assign resources where needed. Robust reporting can also uncover trends that can help improve the program going forward.
Technology has disrupted many industries, and brand protection is no different. AI, computer vision, and natural language processing have automated and helped brand protection teams streamline their workflows, increase their accuracy, and scale to handle the multiple types of brand infringement attacks that teams see today. Any company with a meaningful online presence or interact digitally with their customers or partners need a brand protection program. In the online world, brand protection incidents overlap with cybersecurity. Modern brand protection programs require CISOs and general counsels to collaborate, share tools, and integrate their workflows for the greatest impact.
Our company works with some of the biggest brands in the world, and we have been at the front lines of the transformation brand protection programs are going through. We leverage technology to solve what was once a human-based solution, leading to a more efficient, cost-effective solution with better outcomes.
To learn more about how we can help modernize your brand protection program, request a free, no obligation demo.