What is brand risk protection and why does it matter?
Today’s security professionals have become familiar with the idea that every organization has an attack surface that describes its global exposure to threats against internal and cloud applications, devices, users, and data.
The attack surface grows as greater connectivity, cloud applications and myriad new types of device are adopted as an organization expands its digital footprint. It follows that when a security team calculates an organization’s attack surface, what they are really doing is estimating its vulnerability to cyberattack.
However, the idea of the attack surface isn’t always terribly helpful because it assumes that an organization has the tools to understand its true size. As countless successful cyberattacks demonstrate, organisations often discover after the fact that their attack surface was larger than they’d realized.
Brand Risk Protection (BRP)
One issue is that parts of the attack surface are easy to miss because they exist in the public sphere beyond the traditional responsibility of the IT department. It is these sorts of vulnerabilities Brand risk protection (BRP) services are designed to detect and address.
Broadly speaking, BRP defends an organization’s brand and the way this can be manipulated, exploited, and hijacked to deceive customers. It’s a huge and expanding area that includes discovering assets, monitoring for threats, remediating attacks, and managing the organizational processes involved in doing this. The main areas include:
Domain protection – a way of monitoring an organization’s web domains, now routinely targeted by typo-squatters (lookalike web names called homoglyphs) and domain/subdomain impersonation. This has been a problem for many years and is the bedrock of phishing attacks as well as copycat domains selling fake merchandise.
Brand and social media protection – monitoring the web and social media channels for brand impersonation using lookalike or hijacked accounts which abuse trademarks, logos, employees, and brand imagery.
Phishing detection – monitoring threat intelligence, domain registrations and MX record changes for information on phishing campaigns targeting an organization’s employees or customers.
Data leaks – data and credentials stolen from customers, or lists of fake and hijacked accounts, now flood the dark web, deep web, and Telegram channels, where they are traded back and forth. In many cases, organisations are not aware this data has even been taken, which makes DRP detection useful intelligence.
Account, VIP, and social media protection – monitors for stolen and fake employee accounts on channels such as Facebook, Twitter, LinkedIn, and Instagram.
Fake mobile apps – once rare, the use of lookalike mobile apps has grown with their importance to customers. Often served from third-party app stores, these can be difficult to spot.
Disinformation, misinformation, and fake news – an area of growing concern is false information planted to damage a brand’s reputation. A 2019 study by the University of Baltimore estimated that disinformation now costs the global economy $78 billion each year, with even one negative article on a search pages causing a 22% loss of business. Campaigns can also be used to alter a company’s stock price. Disinformation used to be politically or nationally focused but is increasingly being used against businesses for reasons of economic advantage.
What unites all BRP categories is that they are almost impossible to detect using conventional security tools. When they are detected, it is often by employees in departments beyond IT, for example a marketing department that receives complaints about brand impersonation. If an abuse is not detected or is detected by someone without the means to do anything about it, this type of abuse can slowly proliferate.
How does BRP work?
BRP is usually offered as a suite of integrated tools which detect risks using a mixture of automated machine intelligence, threat feeds, and manual processes. The nature of monitoring depends on the threat being assessed. Domain abuse is carried out by analyzing registered domains for ones that look similar to protected domains. Protecting brands is basically the same process conducted on social media or the web, or by constantly searching for specific brand images, product names, email addresses, or leaked credentials.
What distinguishes one BRP system from another is the effectiveness of the remediation features on offer. This can be a complex undertaking because once detected each must be tackled individually and that involves managing a detailed task workflow over extended periods of time.
Ideally, the BRP service should offer a single view of the risks being tracked, with the tools to take down or report counterfeit sites and content, liaising with law enforcement where appropriate. It’s also important that the service can accommodate non-technical employees in departments such as marketing who are increasingly being given the job of tracking brand abuse and disinformation.
Conclusion: don’t ignore brand risks
Perhaps the biggest innovation of BRP is really that it brings together a suite of capabilities that have existed in an ad-hoc way for years, but which weren’t integrated couldn’t scale as abuse increased. Managing digital risks in this informal way is expensive and is bound to miss problems. Integrating BRP mitigation in a single platform is the simplest way to make abuse visible to an entire organization.
Google Chrome is the most popular, clean, and fast web browser of all time. On the top, several Google Chrome extensions are available to improve your browsing experience. Using the Chrome extensions, you can perform multiple operations without downloading a full program like password storage, control mouse gestures, run antivirus scans, and more. However, downloading […]
People use their Mac devices for various reasons, one of the most prominent ones being for browsing purposes. However, after visiting any website on the device, the browser version stores cache and other records of the query in the system. This affects the performance of the system as the excess records can lag the disk […]
Videos are one of the most popular media types among consumers currently, for posting promotional or informative content. This is why YouTube has one of the biggest user-bases currently, and people search for tools to easily download these files. However, YouTube features a strong algorithm and legal guidelines that stop people from downloading or using […]
ONLYOFFICE delivers the newest Docs v.7.0 with additional features, new upgrades, and a host of revisions for professional collaboration uses. (21 January, 2022)- Having a high-quality feature-rich office suite invigorates the productivity rate of companies, professionals, and even homeowners. ONLYOFFICE developers have therefore come up with the latest version of the DOCS online office suite. […]
Ever since WhatsApp launched its own Status feature, people are loving it. As we can add interesting images and videos to our WhatsApp Status to show it to others and also watch others’ status. But the problem often faced by the users is that WhatsApp does not have a Status saver option. So what do […]
It’s no secret that Covid-19 caught numerous businesses off guard in 2020, forcing employers to rapidly transition their staff from working on location to working remotely from home. Along with that transition will come the cybersecurity risks. Did you know that your company’s information can unintentionally be put at risk by you and your employees […]
For the continued safety of the digital system and files, many people download a third-party antivirus program into their device. These keep the system safe from security issues after an intricate scanning process. Windows devices can install options like Norton, Avast, or AVG for quick and efficient malware/virus detection. In many cases, the tag FileRepMalware […]
Software-as-a-Service (SaaS) is expanding very quickly in the entire IT business. SaaS models are the first preferences of many enterprises because of their flexibility, cost-effectiveness and subscription-based model. In the pandemic, companies required the cloud network; thus, SaaS has only got growth and will be growing. Gartner and BMC have given highly optimized reports, according […]
In 2020, Apple’s M1 chip debuted and blew us all away with how much it improved performance and efficiency in the MacBook Air M1, Mac Mini M1, and MacBook Pro M1. Mac users were still on the M1 performance hangover when Apple launched M1 Pro and M1 Max with better performance promise. Both chips are […]
The ability to expand your product abroad requires software localization. Machine translators or proxy services can provide you with a surface level translation of your content, but this will not be nearly enough to make your product culturally appropriate or authentic in new markets. It’s also not a long-term answer if you want to expand […]