Businesses are relying more and more on digital assets and solutions to run operations. As the focus shifts to highlight the digital age, brand protection has become an essential aspect of business strategy.
Criminals are attacking brands online with fake domains, counterfeit products, and scams, all to gain access to company data and finances. As the types of cyber attacks shift, it’s important for security leaders to adopt brand protection, and make sure their solution is aligned with modern challenges.
Why Does Brand Protection Need to Modernize?
Bolster works with some of the biggest brands in the world across multiple industries. Our customer base includes some larger companies, and smaller companies whose brand protection needs are simpler, though not less important. Working with a range of companies has provided key insights into what it takes for companies to design and implement a modern brand protection program.
Historically the domain of the legal group, a growing trend is for the CISO to be one of the key stakeholders, if not the decision maker, on the design and execution of the brand protection strategy.
Traditionally, brand protection solutions have been people-based because of the need for human eyes to scan over the assets in question. Detection and monitoring was not always difficult, and could be performed by most people with basic training.
Brand protection requires the gathering and assessment of visuals (images, logos), text (language used), and intent behind the asset (information, commercial, social). Unfortunately, the volume of data today that needs to be processed makes people-based solutions unable scale, and in today’s Internet age, the brand protection problem can’t be solved with people alone.
In the cyber security protection world, there has been a shift to leveraging software and technology such as AI, computer vision, and natural language processing (NLP), which is one of the reasons CISOs are more involved today than ever before.
These are the same technologies and tools used in cybersecurity that have allowed security teams to address the endlessly growing problem of increased, evolving cyber-attacks, and they have the same potential to revolutionize brand protection with exponentially better outcomes as your company grows.
Brand infringement accuracy
Brand protection encompasses a range of infringements, and the accurate assessment of an infringement determines the enforcement options available. Accuracy requires the processing of both visual and textual data. Computer vision, the same technology used in self-driving cars, and natural language processing, helps determine the intent of online content in the same way a human would.
Every day brand infringement occurs, you are losing revenue and damaging customer experience. When it comes to enforcement, speed is a powerful weapon. The faster you can detect and take enforcement action, the less money is made by bad actors, who are then likely to stop targeting your company.
Brand protection scale
The Internet is massive and growing every day with websites, social media, marketplaces, and it is always open. Some companies experience thousands of brand infringement incidents, and there is no way to overcome this problem without technology and automation.
Who Needs Brand Protection Technology?
Broadly speaking, brand protection is something every company needs. We see most companies looking for brand protection solutions when they have an immediate problem, including counterfeit products or phishing campaigns where bad actors are trying to steal credentials of customers.
More recently, cybersecurity teams are taking notice and looking for brand protection solutions to address business email compromise (BEC) attacks. BEC attacks are those where the criminal poses as an employee of a company to defraud unsuspecting employees, prospects, customers, or business partners. For example, an attacker may pose as an employee of a supplier and send a fake invoice to a manufacturer.
Fundamentally, brand protection covers a range of problems that companies face. Some of the more common brand infringement attacks are:
- Counterfeit Products
- Fake Websites
- Phishing Attacks
- Business Email Compromise
- Fraud or Scam Campaigns
- Copyright Infringement
- Social Media Fraud
- Account Takeovers
- Malicious Mobile Apps
The range of problems can be daunting for many cybersecurity and IT teams. What starts as one problem could also indicate a larger compromising scam than you think. You may only have a counterfeit product issue today, but you could start seeing social media posts infringing on your brand tomorrow. The Internet is fast-moving and ever-changing, and a modern brand protection program must be adaptable and future-proof.
Luxury goods are not the only ones that face counterfeit product issues. Some of the most common counterfeited products are those designed for the mainstream market. Everybody loves a deal, and a pair of sunglasses that retail for $60 are a great bargain when they are on sale for $19.99 because of excess inventory.
Counterfeiting has become even more of an issue with the rise in popularity of digital goods such as non-fungible tokens (NFTs).
Fake or fraudulent websites created with the intent to deceive users looking for a legitimate domain are a pervasive problem. These sites are often used to sell counterfeit products or communicate an affiliation with the brand being infringed. Though many use lookalike domains, many are starting to create copycat sites using nonsense URLs to avoid detection.
Bolster offers multiple tools to scan domains and detect typosquat activity, based on automation so your team doesn’t have to spend unnecessary resources on manual domain management.
Cybersecurity teams are particularly interested in phishing attacks since it continues to be the number one threat vector for a company. The actual attack usually relies on a fake website that is designed to fool the user into entering their online credentials or to steal personally identifiable information.
Busines email compromise (BEC)
Rather than attack a company directly, criminals are starting to attack a company’s vendors, employees, and customers in a type of attack known as business email compromise. In this type of attack, an attacker steals the credentials of Company A. They then use that compromised email account to send emails to a customer with a fake invoice.
Another method that is becoming more common is for an attacker to create an email address using a lookalike domain, for example “Conpany A” and using that email address to launch the attack.
Fraud or scam campaigns
Stealing money or credentials, or selling counterfeit goods all fall under the fraud umbrella, and it is oftentimes used as a catchall term. Many brand protection programs define infringement too narrowly and miss acting on fraudulent activity. Brand protection programs should evaluate every brand interaction as a potential infringement target for bad actors.
As digital interactions become increasingly important, copyright infringement is becoming a bigger problem every day. Criminals copy everything from logos, videos, product images, and text to impersonate a brand. Though logos, videos, and photos are more straightforward when identifying infringement, text is more difficult, especially when slight modifications have been made.
There has been an explosion of top level domains (*.com, *.net, *.shop, etc.) in recent years resulting in an increase volume of fake sites being set up on domains that look dangerously close to the legitimate one.
Add common extensions such as “-support” or “-login” and you have an exponential increase in the number of variations that can be created from a simple domain. A six-letter domain can result in over 100,000 typo squat domains that can be registered by anyone in the world!
Social media fraud
The average person spends two hours per day on social media, and our experience has found that the brand infringement problem on social media is up to 4x worse than on the Internet. Social media platforms are closed systems that require purpose-built technology to monitor.
Taking down brand infringing posts or locking accounts are also different for each platform, making detection and enforcement even more difficult.
Criminals seek to take over accounts for illicit activities ranging from straight up theft to impersonation to commit some other fraud campaign. Account takeover attacks are typically perpetrated through phishing emails that direct the victim to a website where they are fooled into entering their credentials.
Malicious mobile apps
Mobile phones are now the gateway to a person’s personal, financial, and professional information. Mobile malware is an application that is installed on a mobile device for nefarious purposes.
Often promoted as a game, useful utility, or money saver, these apps steal information stored on a mobile device or push obtrusive ads that promote legitimate or sometimes counterfeit or substandard products.
Hackers are also creating fake app store postings mimicking legitimate brands in order to deceive customers and prospects into divulging sensitive login information to a fake app.
How Do I Build a Modern Brand Protection Program?
Based on our analysis of the digital environment, any company with an Internet presence needs to have a brand protection program. The extensiveness and number of use cases covered will vary, however, depending on many factors including industry, revenue, and marketing channels.
The key to success in brand protection is consistency and repeatability. No matter what tools, technologies, or size of team consistency and discipline is required for success.
Brand protection staff: Analysts, paralegals, attorneys, investigators
Historically, the solution to brand protection has been people. Brand analysts manually search for infringements or investigate reported incidents. Evidence is gathered and documented. Enforcement is then undertaken by paralegals or attorneys.
This framework still works when the enforcement involves warehouses of physical goods, but it is outdated and will not work when it comes to the Internet. Hundreds of incidents can occur overnight, and enforcement can span multiple countries.
You still need analysts, paralegals, attorneys, and investigators, however, the type of work they do and the speed in which they can deliver results is drastically improved when technology is a foundational part of your program.
Brand protection processes: Monitoring, detection, reporting, enforcement
Once your brand protection team is established, the key to success is the operational aspect of the program.
The design and implementation of the workflows and processes determine how repeatable and successful your program is in the long run. Reports of brand infringement can come from many sources: customer service, website, social media, employees. Once identified, these incidents need to be investigated and documented if an enforcement action is required.
A robust design of the interconnections between groups and handoffs will provide a scalable program that delivers the outcomes desired.
Brand protection software and technology
Brand protection software and technology are critical for modern brand security programs. Every brand infringement problem has an online component for promotion and distribution. Disrupting the supply chain by seizing inventory at a warehouse does have an impact, but this type of enforcement action is slow, time consuming, and expensive, involving lawyers, court filings, and travel across multiple countries.
Digital detection, monitoring, and enforcement must be one of the primary focus areas for any modern brand protection program. Digital enforcement that is fast and efficient disrupts the cash flow of the criminal as much as the warehouse raid, and it can be done in minutes compared to months or years.
Brand protection software and technology can help brand protection teams improve their detection and monitoring. Keywords are often used by criminals to promote their illicit goods, and software that monitors keyword usage can help uncover these sites on the Internet, social media, or marketplaces. There is similar software that helps do the same thing for images.
The problem of brand protection software that does not leverage AI is false positives—a result that incorrectly indicates a brand infringement has occurred. Industry-leading AI (/technology) combines visual (logos and images) and textual context to make a brand infringement verdict. This is the most accurate and only way that brand protection software can identify brand infringement while minimizing false positives.
Cybersecurity and brand protection collaboration
Brand protection is integrated with cybersecurity programs, and many of the use cases overlap with the work that occurs in security operation centers.
Typosquat domains used for phishing attacks are an infosec problem just as much as a brand protection problem. Brand protection enforcement of taking down a site is a much more definitive method of eliminating a phishing site than the traditional infosec approach of blocking access to the site for employees. Taking down the site protects not just the employees but also a company’s customers, partners, and supply chain.
However, identifying, monitoring, and leveraging AI to find threats is relatively new in brand protection and much more widely adopted in cyber security. Brand protection and cyber security have a huge opportunity to leverage the skills from the two different functions, and modern brand protection programs includes close collaboration between the groups.
What to Look for in Brand Protection Service Providers
Modern programs require a service provider who has developed purpose-built brand protection software to help companies address the problem. The best brand protection service providers are more technology companies than service companies.
Brand protection service providers who solve the problem with lower cost labor are living in the past and will not keep up with the ever-changing threat landscape. Companies who do not have a technology solution reveal themselves by pricing their services based on hours or volumes, e.g., takedowns, incidents, etc.
Image and keyword detection
Brand infringement can occur on the Internet in many places. Beyond just websites, social media platforms, and marketplaces have emerged as hotbeds for brand infringement. Social media is a criminal’s dream because profiles are free, and they can target their victims with precision—just like legitimate businesses.
Brand protection services must use a combination of image and keyword detection to understand the intent of a site, social media post, or marketplace listing. Otherwise, you will be wading through an endless volume of false positives.
Brand infringement analysis or triage
Once a potential brand infringement incident is detected, it must be analyzed to verify that it is not a false positive. For online incidents, many incidents are straightforward, though unfortunately these tend to be the highest volume.
For example, a password reset page hosted on a typosquat URL does not take much analysis. The time-consuming part is the gathering of the telemetry and documenting the evidence to undertake an enforcement action.
Enforcement and monitoring
Once a brand infringement incident has been verified, there are usually multiple options for enforcement. The desired outcome is to remove the infringing content from the Internet, social media platform, or marketplace. Beyond that, you can also try to take over the domain or freeze accounts.
The problem is that the criminal will just do it again with a different domain or account. We have found that criminals are very practical, and if you make it inconvenient enough for them, they will eventually move on. This means that detection and enforcement with post-enforcement monitoring to ensure it does not come back up is the best weapon to deter criminals from infringing your brand.
Alerting and reporting
Very similar to cybersecurity, brand protection is global and constant. Counterfeit products, credential theft, and monetary scams occur 24 hours a day 7 days per week. As a result, modern brand protection programs are also operating around the clock, and this is achieved by leveraging automation and technologies such as AI and natural language processing.
This requires a robust, intuitive alerting and reporting capability so that the program owner can understand the issues and assign resources where needed. Robust reporting can also uncover trends that can help improve the program going forward.
Start Utilizing Brand Protection Technology Today
Technology has disrupted many industries, and brand protection is no different. AI, computer vision, and natural language processing have automated and helped brand protection teams streamline their workflows, increase their accuracy, and scale to handle the multiple types of brand infringement attacks that teams see today.
Any company with a meaningful online presence or interact digitally with their customers or partners need a brand protection program. In the online world, brand protection incidents overlap with cybersecurity. Modern brand protection programs require CISOs and general counsels to collaborate, share tools, and integrate their workflows for the greatest impact.
Bolster works with some of the biggest brands in the world, and we have been at the front lines of the transformation brand protection programs are going through. We leverage technology to solve what was once a human-based solution, leading to a more efficient, cost-effective solution with better outcomes.
Bolster offers brand protection technology tailored to your businesses needs and threat landscape. With automated monitoring and takedown technology, you can trust Bolster will protect your brand, without manual intervention.
To learn more about how we can help modernize your brand protection program, request a free, no obligation demo.