You know how important your brand is. It’s an identity, a reputation, an expectation, and a promise to customers. You know the importance of protecting that brand, but can you spot others trying to impersonate your CEO on Twitter or identify fake apps that mimic your company and/or brands to steal customer information? As companies have extended their brand into the digital world, they open up new attack vectors and face new risks they must defend against.
Here are some of the key cyber risks that organizations must consider in order to protect their brand and executives in today’s digital world.
What is Brand Protection?
Most people understand what brand protection is at a high-level, but what do we mean when refer to protecting your brand in a digital world?
Brand security issues typically take place outside of your traditional security tools, like your firewall, IDS or endpoint protection. Instead of protecting a network, you are protecting a concept, the image that is your brand. There are lots of tactics that can harm your brand online. A common one is fake social media pages.
Many organizations have invested in building their social media following, but they haven’t considered the cyber risks that come with that. It is easy for anyone, whether it be a simple internet troll or malicious actor, to make a new Facebook (or any social media site, for that matter) page using your company name and logo, then use this fake profile to interact with your customers.
Even though this tactic is “out of your control”, it can be incredibly damaging to your brand, especially if one of your customers is duped. Without a process or tool that monitors social media for fake accounts, it’s very difficult for organizations to take protect against this vector.
The importance of external digital protection goes beyond the company, it is also applies to protecting your people.
Executives & VIPs
Beyond company profiles, pages impersonating executives or key employees can be made just as easily. We find countless pages impersonating key employees, which is a tactic often used in targeted phishing and social engineering attacks.
Digital executive risk goes well beyond social media into the dark web. Sensitive data is constantly posted on hidden forums or sold on black markets, which poses a risk to all your employees, but to executives in particular. Targeting high-value or high-wealth individuals provides cybercriminals with more opportunity to run schemes and make money, so protecting their PII online is critical.
The next example shows a post containing personal details of a CEO and family that were leaked on the dark web. A leak like this is a huge breach of privacy and creates a physical security concern by making phone numbers and addresses available.
A phishing attack that targets customers and harvests their payment and/or personal details with a fake shopping page isn’t just lost sales, it is comparable to a security breach exposing customer PII. Even though this attack is completely outside your domain or systems, if a customer is phished from a campaign using your brand, they’re likely going to blame you. Another common customer phishing vector is application stores. Add sentence or two about this vector and how its used...
Protecting your brand is protecting your customers. When a brand gets attacked, it is often loyal customers who are targeted. Monitoring for and shutting down potential attacks before your customers become victims is key to protecting your brand online.
Another threat you must protect against is brand misuse or false association. This often occurs when a company or individual wants to boost themselves by piggybacking on your reputation. It is very common to see this in eCommerce, where third-party stores will claim to be an authorized retail partner, yet have no official association with your organization. Monitoring for misuse protects customers from fake sites and strengthens your partnership value for the resellers and partners you work with.
About IntSights Brand and VIP Protection
Our platform’s tailored threat intelligence enables organizations to continuously monitor for and identify potential cyber threats to your brand and/or executives. Using key assets that map to your digital footprint (brand names, social media pages, mobile apps, executive & VIP names etc.), we identify specific threats, including a screenshot, to brand impersonation and create a ticket with that information for your security team to review. Perhaps most importantly, we also enable you to take down brand and executive threats through our partnerships with social media sites, registrars and application stores, so these threats can be mitigated quickly and efficiently.
Want to learn more about important use cases for threat intelligence?