Brand protection: a critical part of information security

Risk Management03 Oct 2023

Rachel Jones at SnapDragon Monitoring argues that ignoring Brand Protection could be the biggest mistake in your cyber-strategy

Gone are the days when the consequences of cyber-attacks were purely digital. No longer the preserve of would-be hackers or rogue rivals, in today’s interconnected world the reach of cyber-attacks have very real consequences, causing catastrophic events that put vital defences at risk while destroying businesses, brands and reputations.

For organisations concerned about cyber-risks, digital defences are critical, but these cannot overlook brand protection.

But, what is brand protection and how does it fit into corporate cyber-security strategy?

To start with, neither should be seen as an “either or" - but rather critical defences which go hand in hand. While organisations are often well equipped in defending against traditional cyber-crime, the value of brand protection is often overlooked or misunderstood. Here’s why.

Where cyber-security measures may focus on protecting against threats targeting corporate assets, brand protection targets the external threats that impact a brand’s safety and reputation. Protecting and enforcing digital assets from abuse and misuse online, brand protection is a key tool in any brand’s arsenal in the digital age.

What’s more, when it comes to enforcement, brand protection has very real benefits too - helping ensure bad actors and even counterfeits are removed and taken offline.

Given the variety of brand threats online, the scale and range they present will never be identical for every business. However, the vast majority can be broken into two predominant categories:

Direct brand attacks

When online adversaries directly target a brand, their routine attack vector is impersonation attacks.

While such attacks can appear anywhere online, when it comes to brand impersonation the most common tactic is to create a near-identical replica of a brand’s official website or social media. These attacks are very effective – with the release of generative-AI tools, such as ChatGPT, making them faster and easier to execute.

Once the replica sites have been created, criminals direct consumers to them via phishing. While the occasional infringer may offer dangerous fakes this way, in most cases when a would-be customer attempts to make a purchase, or even enter a promotion, their personal data and/or credit card details are stolen. The ultimate case of buyer’s remorse – and a very real threat for genuine brands to combat.

Sadly, these scams are very difficult to identify because the sites set up by fraudsters are very similar to the legitimate brand’s URL. Specially, these differences can be as subtle as using an almost imperceptible typo or unofficial top-level domain - for example .de versus .com – while others may claim to be a certified outlet store or reseller.

Even more confusingly, in terms of look and feel, fake websites mirror their genuine counterparts almost exactly - meaning it takes a highly experienced individual to realise something is amiss.

When it comes to social media spoofing, these scams are similarly hard for consumers to identify because criminals will often set them up as customer service outlets, “local” pages or even fake employee accounts, such as a CEO. Once established, cyber-criminals use these fake platforms to post messages which are harmful to followers and customers, with their primary goal being to profit at a brand’s expense.

While money is usually the driving factor, malicious actors sometimes create posts purely to damage a brand’s reputation - from misleading information to outright dangerous content.

These impersonation attacks are now rife and can cause serious brand damage. If that weren’t enough, for organisations that do nothing the negative impact is only amplified by disgruntled customers unhappy they’ve been caught out. To add to this misery, once duped, many will often go straight to brands to claim back their lost money or spread poor reviews.

Indirect brand damage

The direct cost of leaving a brand’s safety to chance is clear - but when it comes to the indirect impact of cyber-attacks, it all comes down to reputation. Cyber-crime is widely regarded as the number one business threat today, so it stands to reason that the harm and likelihood of being attacked is higher than ever. While increasing awareness is a positive step, no brand should see themselves as immune - or remain unprepared for brand threats.

So what should brands consider? In practical terms, this means having a comprehensive cyber-security strategy which addresses key concerns. To start with, no brand protection is complete without a prepared and protected digital asset portfolio – whether a single trademark or a litany of highly prized patents. These are weapons which will help ensure brands have the power to fight against bad actors and defend their reputation.

To use these digital assets most effectively, it’s critical to proactively monitor for threats and enforce them when they appear. Calling on specialist technology and expertise to build a planned approach is where brands should begin. Doing so helps businesses know where to target resources, empowering them to act quickly, saving precious time, money and minimising the impact of reputational damage.

What’s more, building brand protection into cyber-security offers businesses much-needed transparency of current and future threats, allowing brands to communicate effectively with stakeholders whenever incidents take place.

Building brand protection into security programs

Given the risks cyber-crime can impose on businesses, both direct and indirect, it is essential these are accounted for and embedded into cyber-security strategies.

To protect against impersonation attacks the best defence is to implement tools which can detect illegitimate websites and social pages. While criminals often use AI to build these illicit pages today, AI is also hugely valuable in defending against them.

While ad-hoc searches may reveal the occasional threat, for comprehensive cover, organisations benefit most by using defensive AI tools which scan the web and social sites continuously to help identity cyber-threats. This means that whenever fraudulent sites are found, the organisation, or its brand protection agent, can immediately work to have them removed. This protects customers against a serious threat and allows organisations to target bad actors, while the proactivity keeps revenues and reputation safe.

When it comes to recovering from cyber-attacks successfully, without causing any lasting brand damage, this means “being prepared”. Regardless of how insulated a brand may appear today, organisations must build an effective brand protection strategy in cyber-defences which accepts that attacks will occur - and focus on how to best to mitigate against them safely and successfully without any lasting impact.

Much like an insurance policy, ensuring businesses are protected before incidents take place is the most sensible approach.

By understanding the impact of cyber-crime on brands, organisations can remain one step ahead of adversaries - using defensive tools to keep customers and assets safe, while being prepared and ready to respond with a well-considered strategy – ensuring success in the face of adversity.

Rachel Jones is chief innovation officer and founder at SnapDragon Monitoring

Main image courtesy of iStockPhoto.com