What’s Keeping CISOs Up at Night? Brand Abuse

By Faisal Shah, CEO, Appdetex

Chief information security officers (CISO) don’t get much rest. They can’t while their teams are in a relentless battle with adversaries working around the clock to evade defenses and leverage potential gaps in the extended perimeter of the company’s network. And now, CISOs face more insomnia as their teams are tasked with defending an even more challenging perimeter: customer-facing digital channels.

Malicious actors are using these channels to weaponize brands and compromise unsuspecting users. Like legitimate marketing campaigns, their efforts may employ an array of digital touchpoints — email, search engines, online ads, social media sites, website and marketplace listings, and even mobile app stores. Adversaries use social engineering and technology-driven exploits to divert consumers as they seek engagement with brands. Then, they employ a range of techniques to monetize their activities, from delivering malware to selling fake products to harvesting users’ credentials.

An opportunity to detect and take down brand attacks faster

Consumers aren’t the only ones to suffer damage from brand attacks, of course. Enterprises can face a mountain of fallout, from reputational damage to lost sales. To combat this risk, business leadership looks to the legal function — which is on the front line of protecting the company’s intellectual property — to identify and investigate instances of brand abuse. And, leadership relies on the CISO and security team to do essentially the same thing from an IT perspective across all of the company’s customer-facing digital channels.

When needed, these two functions cooperate on investigations. But more often, they work in silos. Wouldn’t it make more sense for them to fight brand abuse in the digital realm together in a more coordinated and ongoing fashion? That would allow them to cover more ground, correlate data on threats faster, expedite investigations, and, ultimately, reduce the time-to-live (TTL) of brand attacks.

Many forward-thinking CISOs already know the answer to this question is “yes.” And, as they lie awake at night, they may wonder, “How can my team collaborate effectively with brand protection to expedite the mitigation and investigation of brand attacks?”

Exactly how the security team and the brand protection team, which is charged with securing the organization’s brands and intellectual property, structure a more formal working relationship will depend on the company and its specific needs. But there are a few steps that CISOs and General Counsels can take together to ensure collaboration between their functions is productive and delivers positive results:

1.  Optimize workflows

Brand protection and security teams need to optimize workflows so they can expedite high-priority remediations. It’s critical to figure out that framework upfront, and not when a threat emerges.

2. Formalize data sharing and risk mitigation protocols

These issues need to be considered when establishing the framework for optimizing workflows. How will the functions share information? What tools will they use? And, when a threat is discovered, how will they work together to stop it or reduce its impact?

3. Sweep and monitor digital channels

The brand protection and security teams — along with the business teams — should sweep and monitor digital channels both before and after the launch of a new product or promotion. This process needs to start well before the launch date and continue for as long as deemed necessary.

4. Continue applying function-specific expertise and tools

The security and brand protection teams have their own tools, systems, and data for investigating and mitigating threats. And they should continue to use them to uncover and abate all aspects of a brand attack and monitor malicious activity. What will be different, though, once these two functions commit to more formal collaboration, is how they exchange data throughout an investigation.

What does this look like in practice? Consider this example: A malicious actor uses several branded and unbranded sites to mount an attack. The IT security team discovers the activity first and then passes relevant data and metadata to the brand protection organization for enforcement. That team then uses their tools and workflows, which are built around intellectual property constructs, to uncover more than 100 related sites, social accounts, ad accounts, and marketplace listings, as well as other data. Through that process, they also discover evidence of another cyber threat and pass that information back to the security team for additional investigation and remediation.

This example shows how collaboration between these functions can create a positive cycle that enhances security investigations, augments attribution efforts, accelerates resolution, and helps reduce a brand attack’s TTL. And, by knowing they’re shortening the life span of these attacks, CISOs may find they can actually get a little more sleep at night.