Modern Brand Protection for the Modern Enterprise
It’s no secret that there’s a skills shortage in cybersecurity. Security professionals are in high demand and many security teams lack the resources they need to operate comfortably (that is, without losing staff to burn out). So, the idea that brand protection is increasingly falling under security’s purview may not be the best news for most CISOs. However, as I’ll explain in this blog post, it not only makes sense for security to oversee brand protection in modern enterprise environments, but it is to your benefit, as it can improve the organization’s overall security posture.
Let's face it, brand protection and brand infringement aren’t what they used to be. Historically, brand protection fell under corporate legal, where people were trained to perform most of the detection and monitoring. Brand analysts manually searched for infringements or investigated reported incidents. They gathered and assessed visual assets (such as images and logos), as well as text, for language and intent. Once an infringement was confirmed, paralegals and attorneys took over enforcement. That people-based approach to brand protection simply does not suffice for modern enterprise in the digital age.
Modern Brand Protection: As the brand goes online, so too do the threats
The Internet has changed the scale and scope of brand infringement activities. The Internet is massive, available 24x7x365, and provides a multitude of communication channels that fraudsters can leverage to profit from your brand at a greater scale than ever before. For example, The Wall Street Journal recently reported that fraudsters are using social media platforms at an alarming rate to target victims with personalized ads.
Every case of brand infringement today has an online component for promotion and distribution. Hundreds of incidents can occur overnight, and enforcement can span multiple countries. Given the enormous volume of data that must be processed, the legacy people approach to brand protection no longer scales. As we report in our 2022 State of Phishing and Online Fraud Report, the total number of phishing and counterfeit pages reached a total of more than 10.5 million in 2021 – and it continues to grow.
The movement of brand infringement activities into the realm of cyberspace isn’t reason enough to give security teams the responsibility of protecting the brand. However, the types of fraudulent activity taking place in cyberspace is. Some of the more common brand infringement tactics include:
• Counterfeit products
• Fake websites
• Phishing attacks
• Business email compromise
• Fraud or scam campaigns
• Copyright infringement
• Social media fraud
• Account takeovers
• Malicious mobile apps
Chances are good that most – if not all – of the tactics listed above are already familiar to you and your security team. Many of the brand protection use cases overlap with work that already occurs in security operations centers (SOCs). For example, typosquat domains used for phishing attacks are just as much a brand protection problem as they are a cybersecurity problem and vice versa. However, security (not legal) has the institutional knowledge and skillset to more effectively take on typosquatting from both perspectives.
Brand Protection - The Benefits to Security
There is good news for security teams. Approaching issues like phishing and typosquatting from the perspective of brand protection can considerably reduce cybersecurity risk, too. Instead of blocking access to the domain, brand protection enforcement involves physically taking down the site. This more definitive method of eliminating a phishing site can considerably reduce the organization’s risk because now it’s not just employees that are protected but also your company’s customers, partners, and supply chain.
That brings me to technology. Digital detection, monitoring, and enforcement is necessary to reach the scope, scale, and speed of brand infringement activities online. This, too, makes brand protection a good fit for security teams: many of the technologies used to detect and monitor brand infringement are also used within the SOC to detect and monitor cyberattacks. For example, some brand protection solutions use AI to minimize false positives. Computer vision and natural language processing are also used to automate and streamline brand protection workflows.
Finally, like security, brand protection is global and constant. Cyberattackers and fraudsters operate around the clock and around the world. Security teams already monitor the organization’s risk at this scale, and they have the skillset to manage the technology that provides the automation and robust reporting needed to operate effectively.
CISOs and their teams already have a lot of responsibility within the organization. But, today, brand protection is as much a cybersecurity problem as it is a legal problem. Fortunately, you don’t have to go it alone. Your team will make the greatest impact by collaborating with general counsel, sharing tools, and integrating workflows. And you’ll be reducing your organization’s security risk at the same time.