Dan is a 20-year veteran of the ICT industry, working for global and local vendors in bringing new and innovative technologies to market in the ANZ region. During his career, Dan has been passionate about bringing a local voice and insights to global technology challenges. As the Editor of GetCyberResilient.com, Dan casts a keen eye across the hot topics, trends and pulse of local security practitioners to curate stories from near and far that are most impactful in addressing our evolving risks.
Ecommerce is growing faster in Australia and New Zealand than anywhere else in the world.
Australians spent over $50 billion on ecommerce in 2020, with 52% shopping online more than usual during the COVID pandemic. This is a huge digital success story, but as the figures have risen, so have the threats. As eCommerce brands brace themselves for the upcoming shopping season, it’s a good time for their CISOs and CMOs to review their cybersecurity measures as well.
Brand exploitation is a growing danger
Mimecast’s research shows that 43% of organisations have seen an increase in brand impersonation attempts via counterfeit websites, while 47% have seen a rise in malicious email spoofing. Large companies like Microsoft and DHL are among the most targeted organisations globally, but no business involved in ecommerce is safe.
Attacks can be orchestrated through emails, spoofed websites or formjacking. Whatever their approach, cybercriminals are exploiting public trust in your brand and your products. As bad as it is for the hapless customers that lose their money to a scam, brand exploitation can be hugely damaging to your business:
If customers are ripped off or have their data stolen, your reputation will take a serious hit, regardless of who's at fault
If they receive poor quality counterfeit goods, it’ll reflect badly on your official products
Fighting back against the criminals takes time and money, including legal costs
Would-be customers may be directed away from your sites and towards fake ones, resulting in a decline in sales
Illegitimate portals may erode trust in you from your distributors or other parts of your supply chain
Cyber and marketing teams don’t always see eye to eye, but they’re in this together
Despite the list of horrors above, some brands are only just waking up to the dangers of brand exploitation, while others find it hard to produce an effective, company-wide response. Part of the problem is that different parts of your organisation likely have different goals. Marketing teams want to throw the doors open and get as many eyeballs on products as possible, while cybersecurity teams want to limit the surface attackers can exploit. This means that the goals of CMOs and CISOs can sometimes be at odds, and makes it difficult to present a unified case to other stakeholders. Without clear information, senior executives may not understand the full extent of the threat of brand exploitation or the right balance to strike.
One issue that keeps cropping up is that some of the measures that increase online security can make marketers’ jobs harder. Emails are a hugely valuable tool for marketers, but also present a vast opportunity for cybercriminals. Research shows that 40% of customers don’t hesitate to click on links in emails from their favourite brands.
Marketers may also rely on the use of multiple domains for different ecommerce sub-brands or audiences, or on outsourcing email campaigns to different providers. Implementing measures like DMARC, a powerful email authentication protocol, will take far longer if you’re dealing with multiple domains or providers. And cyber teams will find their job more time-consuming if they have a wider range of sites to assess and secure.
But looking at the big picture, the CMO and CISO have a common goal: they both want to protect the business and safeguard customer trust. This gives us a starting point to mount a cohesive defense against cyberattacks.
Taking your CMO into confidence
Bridging the gap between security and marketing requires collaboration. It’s important to listen to the requirements of the marketing team, so you can find a solution that suits their needs, and they can keep you across legitimate brand use. But just as important is encouraging marketing to take customer safety into account.
Showing the scale of the threat from phishing and counterfeit sites is crucial. Rather than offering technical explanations, one approach is to set up a proof of concept to reveal just how many malicious emails are sent. Monitoring emails with DMARC can reveal the sheer number of brand impersonation messages sent, and their impact. This can be a great way to illustrate the threat to other stakeholders.
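As an added illustration of the proof of concept described above (not code from the original article), this sketch tallies one DMARC aggregate report into passing and failing message counts and lists the failing sources. The report is a constructed sample using reserved documentation domains and IP addresses, and the `summarise` function name is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample aggregate report (RFC 7489 layout, trimmed to the fields
# used here). Domains and IPs are reserved documentation values.
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>shop.example</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>1200</count>
    <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>shop.example</header_from></identifiers></record>
  <record><row><source_ip>192.0.2.44</source_ip><count>80</count>
    <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>news.shop.example</header_from></identifiers></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>300</count>
    <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>shop.example</header_from></identifiers></record>
  <record><row><source_ip>203.0.113.25</source_ip><count>45</count>
    <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>deals.shop.example</header_from></identifiers></record>
</feedback>"""

def summarise(report_xml):
    """Return (totals, failing) message counts for one aggregate report."""
    # Reports come from third parties: in production, parse with a hardened
    # XML parser (e.g. defusedxml) rather than the stdlib parser used here.
    root = ET.fromstring(report_xml)
    totals, failing = Counter(), Counter()
    for rec in root.iter("record"):
        count = int(rec.findtext("row/count", "0"))
        dkim = rec.findtext("row/policy_evaluated/dkim")
        spf = rec.findtext("row/policy_evaluated/spf")
        # DMARC passes when either aligned DKIM or aligned SPF passes.
        if "pass" in (dkim, spf):
            totals["dmarc_pass"] += count
        else:
            totals["dmarc_fail"] += count
            key = (rec.findtext("row/source_ip"),
                   rec.findtext("identifiers/header_from"))
            failing[key] += count
    return totals, failing

if __name__ == "__main__":
    totals, failing = summarise(SAMPLE_REPORT)
    print(dict(totals))
    for (ip, domain), n in failing.most_common():
        print(f"{n:>6} failing messages from {ip} using {domain}")
```

Failing sources still need triage before they are reported as impersonation: an outsourced email provider that has not yet been set up with SPF or DKIM for one of your domains appears in this list in the same way as a spoofer.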
Using the right tools for brand exploitation protection
Research suggests that customers expect the brands they trust to protect them from fake sites, impersonators and scams. Online retailers like Amazon have invested more than $500 million and 8,000+ employees to fight fraud and counterfeiting. Fortunately, your company might not need that kind of manpower to fight off fraudsters.
Selecting the best brand exploitation protection tools for your business can be a highly effective way to combat online fraud. These monitor the web on your behalf, searching not just the domains you own, but external ones too. By combining machine learning with targeted scans, these tools can identify attacks and suspicious sites, wherever they originate, and take down the offending pages.
These results can then be fed back to marketing and other stakeholders via ongoing metrics and reporting. That should help communicate the level of threats the organisation faces, and the importance of a strong partnership with the cybersecurity team.
Everyone in your organisation has a role to play
Starting a dialogue about brand exploitation with teams across your company can make tackling the threat far more manageable, and tools that help you both tackle and publicise the problem are a double win. That’s because monitoring emails and fraudulent websites is only part of a wider picture.
Social media teams have a vital role to play in both expressing your brand’s authentic voice and watching out for impersonators. Your legal team may be working to register intellectual property or arrange non-disclosure agreements covering confidential information with partners. Customers, too, can be forewarned by cyber messaging that helps them identify threats, and marketing efforts that help them tell the difference between your brand and dodgy rip-offs.
Beating brand exploitation is a team sport
Brand exploitation is a growing threat in Australia and New Zealand. Various tools can help, including email validation such as DMARC and brand exploitation services. But working productively with other departments is an essential part of any response, and a proof of concept is a crucial weapon in getting the rest of the business on board and spreading awareness. Keeping cybercriminals at bay is a collaboration: with marketing by your side, brand exploitation becomes a much more manageable threat, your customers gain peace of mind, and your company’s reputation stays well-regarded and well-defended.