Brand Impersonation and the role of CISOs

Emerging technologies have marked a surge in cyberattacks as economies undergo a digital push. The mushrooming rate of digitisation, fuelled by the COVID-19 pandemic, has led to this ongoing spurt of cybercrime. And be it traditional phishing or malware propagation attacks, advertising fraud or e-commerce fraud, or business email compromise (BEC), brand impersonation or spoofing of reputed brand sites remains paramount in various cybercriminal strategies because nothing works better than riding along the trust and goodwill of well-reputed brands to lure people into a scam.

“Brand”, a relatively new term for cyber security, has completely evolved in the present situation. A term that was just a marketing challenge has now become a legitimate security concern. It now does not limit to how people talk about the brand but also about how criminals pretend to be the brand. This gap generated by scammers between you and your customers exponentially enlarges the potential for harm, causing immediate and long-lasting damage. Cybercriminals may be creating and ceiling counterfeit goods through the spoofed website, sometimes, they may harvest your customers’ user information, and at times they may push false narratives in your brand’s name. Even in the worst-case scenario of scammers hacking into your organisation’s account to fulfil their objectives, the outcome, more or less, remains the same. What actually differs is the significant variations in the tactics they use.

Now let’s answer one of the biggest questions in such cases – “Who holds the responsibility to address the concern?” Well, there isn’t any specific answer to this question since this is a cyber security concern and an issue related to brand protection as well. But does it matter if, in any case, it comes under any of the two?

Cybercriminals do not care what your team’s responsibilities are and what scope it works under. They run simple tactics – set up a fake website, send phishing emails, lure customers and harvest credentials – and it works all the time. Some say it comes under the realm of security practitioners; others say it is the responsibility of incident response. While others also consider it a customer service or marketing team’s responsibility. While companies are busy guessing whose responsibility it is to deal with the same, the attacks keep mounting. 

While legal professionals, in doing their best, are constrained to their toolsets consisting of cease-and-desist letters, temporary restraining orders or manual takedown requests, their profession does not open doors to solve this issue through AI and automation. What is actually needed to take down these bad actors is the Internet scale, which cyber security teams are best equipped with to detect, monitor and remediate the cases of spoofed sites.

The need of the hour is to prevent theft when people are stealing from you – your brand’s name and reputation or your customers’ data. A systematic and multidisciplinary approach is needed by the CISOs when it comes to the brand impersonation problem. The surge in phishing attacks underscores the need for every organisation to take ownership of their brand’s impersonation problem and not impose the responsibility game on others or leave it to chance.

Quick Enquiry

    Wordpress Social Share Plugin powered by Ultimatelysocial