Fighting online brand exploitation manually is expensive and ineffective. Automated solutions provide the holistic coverage that brand protection requires.

Key Points:

  • Incidents in which brands are impersonated or misappropriated to create counterfeit websites are on the rise.
  • Companies are putting strategies in place to combat domain spoofing and brand impersonation, but implementations tend to be manual — and costly.
  • Companies that adopt an automated online brand protection platform can significantly reduce costs and redeploy in-house security and IT professionals to other important tasks.

Of all the cyberattacks that organizations fight today, the most insidious may be domain spoofing: when attackers create counterfeit websites and emails to lure unsuspecting customers. Domain spoofing (a form of brand impersonation) is easy to execute, difficult to identify and even harder to resolve. Indeed, domain spoofing attacks have gone undetected for weeks or months — silently chipping away at customers’ trust in the spoofed organization’s brand and negatively affecting the bottom line.

One might think a spoofed website would be easy to uncover, but customers and even employees rarely notice the difference between attacker-controlled sites and legitimate ones, according to the Frost & Sullivan whitepaper “Managing Digital Risk: The Security Challenge Beyond Your Perimeter.” The paper adds that attackers now use tools and automation to efficiently spin up their efforts, enabling “fast-moving attacks that are difficult for most organizations to discover, let alone counter.”

And brand spoofing doesn’t appear to be going away. According to Mimecast’s State of Email Security 2021 survey, brand impersonation incidents or counterfeit websites increased at 42% of the respondents’ companies, while an even greater number (47%) reported a rise in malicious email spoofing that made fraudulent use of their company’s domain. Mimecast’s State of Brand Protection Report found that all brands are at risk. Even two small banks were surprised when they learned they were averaging 10 to 15 brand impersonation “takedowns” per month once they became proactive.

The Problem with Manual Brand Protection Strategies

Given the growing issue, many companies are putting strategies in place to combat domain spoofing and brand impersonation. However, those strategies tend to be manual — and thus costly.

“The budgetary impact on an organization using manual processes to detect, investigate and eliminate cloned websites can be significant,” notes Frost & Sullivan. The firm’s research shows a security analyst in the United States earns between $58 and $116 per hour, depending on the state and level of experience. The firm estimates that it can take between 24 hours and four weeks of labor to detect and take down a cloned website, which means it can cost between $1,392 and $13,920 for a security analyst to tackle just one spoofed site. According to the study, a midsize enterprise may encounter an average of six cloned sites per month, and the number of clones tends to increase as the size of the company increases. 

With additional costs such as legal fees, fines associated with data leaks, and loss of current and future business, the price tag for manual online brand protection can rise to more than $1 million per year for a midsize enterprise, according to Frost & Sullivan.

Here is the firm’s cost breakdown for manual online brand protection:

  • Mean time to detect a spoofed website: Several weeks or months
  • Mean time to resolve: 336 hours or more
  • Number of customer-side analysts involved: 5 to 20
  • Hours spent on online brand protection: 160 hours per month
  • Monitoring frequency: Sporadic/when time allows
  • Websites evaluated per year: Thousands per year
  • Cost per attack: Up to $13,920
  • Cost to monitor and protect one domain per year: Up to $1,002,240
  • Legal fees per year: Up to $144,000

The Cost Advantage of Automation

Given the amount of money it can cost to protect a brand via manual processes, does it make fiscal sense? Online brand protection requires constant, intelligent, real-time monitoring and scanning, advanced threat intelligence, access controls and authentication services, and user security awareness training. These needs are too many, and attackers too savvy, for companies to manage potential exploitation without an automated online brand protection platform. 

Automated solutions can run quadrillions of targeted scans to detect, block and take down not only spoofed websites but also the phishing emails that lure users to the sites by impersonating brands’ domain names. Some solutions can even identify previously unknown attack patterns and block compromised assets at the earliest possible stages, before they become live attacks.

In fact, companies that adopt an automated online brand protection platform can expect to significantly reduce costs and free up in-house security and IT professionals to deploy to other critical tasks. 

Here is Frost & Sullivan’s cost breakdown for companies using an automated online brand protection platform:

  • Mean time to detect a spoofed website: Between seconds and three hours
  • Mean time to resolve: Between seconds and three hours
  • Number of customer-side analysts involved: 1 (for a 10-minute telephone call)
  • Hours spent on online brand protection: 1 hour per month
  • Monitoring frequency: 24/7/365
  • Websites evaluated per year: Billions per year
  • Cost per attack: Up to $1,000
  • Cost to monitor and protect one domain per year: $12,000 to $60,000
  • Legal fees per year: $0

Whether an organization decides to manually manage online brand protection or leverage an automated platform, it must also take into consideration potential hidden costs. For example, a delayed response (or no response) to a spoofed site, especially one that harbors malware, may incur the loss of customer trust, ransom demands, loss of potential revenue, and regulatory fines that can come with data breaches.

The Added Benefits of Automation

Organizations should look for automated brand protection solutions that combine proactive intelligence, 24/7/365 scanning for site impostors and look-alikes, threat detection capabilities and the ability to remediate issues through strong relationships with domain registrars, hosting providers, certificate authorities and others. Solution providers like Mimecast also deliver dedicated cyber analysis and user security awareness training.

The right security vendor partner will be cost-effective and less resource intensive, while enabling organizations to protect themselves from sophisticated and fast-moving attacks against their online brands.

The Bottom Line

While capable companies may think managing online brand exploitation internally and manually will be cost effective and successful, the reality is that most organizations don’t have the resources for it. Effective brand protection requires an automated, holistic approach to block these growing threats.
