Brand Protection for the Modern Enterprise
It’s no secret that there’s a skills shortage in cybersecurity. Security professionals are in high demand, and many security teams lack the resources they need to operate comfortably (that is, without losing staff to burnout). So, the idea that brand protection increasingly falls under security’s purview may not be the best news for most CISOs. However, as I’ll explain in this blog post, it not only makes sense for security to oversee brand protection in modern enterprise environments, but it is to your benefit, as it can improve the organization’s overall security posture.
Let’s face it, brand protection and infringement aren’t what they used to be. Historically, it fell under corporate legal, where people were trained to perform most detection and monitoring. Brand analysts manually searched for infringements or investigated reported incidents. They gathered and assessed visual assets (images and logos) and text for language and intent. Once an infringement was confirmed, paralegals and attorneys took over enforcement. That people-based approach to brand protection does not suffice for modern enterprises in the digital age.
As the brand goes online, so too do the threats
The Internet has changed the scale and scope of brand infringement activities. The Internet is massive, available 24x7x365, and provides many communication channels that fraudsters can leverage to profit from your brand at a grander scale than ever before. For example, The Wall Street Journal recently reported that fraudsters are using social media platforms at an alarming rate to target victims with personalized ads.
Every case of brand infringement today has an online component for promotion and distribution. Hundreds of incidents can occur overnight, and enforcement can span multiple countries. Given the enormous volume of data that must be processed, the legacy people’s approach to brand protection no longer scales. As we report in our 2022 State of Phishing and Online Fraud Report, the total number of phishing and counterfeit pages reached more than 10.5 million in 2021 – and it continues to grow.
The movement of brand infringement activities into cyberspace isn’t reason enough to give security teams the responsibility of protecting the brand. However, the types of fraudulent activity taking place in cyberspace are. Some of the more common brand infringement tactics include:
• Counterfeit products
• Fake websites
• Phishing attacks
• Business email compromise
• Fraud or scam campaigns
• Copyright infringement
• Social media fraud
• Account takeovers
• Malicious mobile apps
Chances are good that most – if not all – of the tactics listed above are already familiar to you and your security team. Many brand protection strategies overlap with security operations centers’ (SOCs) work. For example, typosquat domains used for phishing attacks are just as much a brand protection problem as a cybersecurity problem and vice versa. However, security (not legal) has the institutional knowledge and skillset to take on typosquatting from both perspectives effectively.
Digital Brand Protection – The Benefits to Security
There is good news for security teams. Approaching issues like phishing and typosquatting from the brand protection strategy perspective can considerably reduce cybersecurity risk, too. Instead of blocking access to the domain, brand protection enforcement involves physically taking down the site. This more definitive method of eliminating a phishing site can considerably reduce the organization’s risk because now it’s not just protected employees but also your company’s customers, partners, and supply chain.
That brings me to technology. Digital detection, monitoring, and enforcement are necessary to reach online brand infringement activities’ scope, scale, and speed. This, too, makes brand protection a good fit for security teams: many of the technologies used to detect and monitor brand infringement are also used within the SOC to detect and monitor cyberattacks. For example, some brand protection solutions use AI to minimize false positives. Computer vision and natural language processing also automate and streamline brand protection workflows.
Finally, like security, brand protection is global and constant. Cyberattackers and fraudsters operate around the clock and the world. Security teams already monitor the organization’s risk at this scale and have the skill set to manage the technology that provides the automation and robust reporting needed to operate effectively.
CISOs and their teams already have a lot of responsibility within the organization. But today, it is as much a cybersecurity problem as a legal one. Fortunately, you don’t have to go it alone. Your team will make the most significant impact by collaborating with the general counsel, sharing tools, and integrating workflows. And you’ll be reducing your organization’s security risk simultaneously.
To learn more about brand protection as it applies to cybersecurity, download our free whitepaper on Best Practices for Modern Brand Protection or get your free Brand Risk Report to see what your business is up against.