How to Lower the Cost of Online Brand Protection
Fighting online brand exploitation manually is expensive and ineffective. Automated solutions provide the holistic coverage that brand protection requires.
- Incidents are on the rise where brands are impersonated or misappropriated to create a counterfeit website.
- Companies are putting strategies in place to combat domain spoofing and brand impersonation, but implementations tend to be manual — and costly.
- Companies that adopt an automated online brand protection platform can significantly reduce costs and redeploy in-house security and IT professionals to other important tasks.
Of all the cyberattacks that organizations fight today, the most insidious may be domain spoofing: when attackers create counterfeit websites and emails to lure unsuspecting customers. Domain spoofing (a form of brand impersonation) is easy to execute, difficult to identify and even harder to resolve. Indeed, domain spoofing attacks have gone undetected for weeks or months, silently chipping away at customers’ trust in the spoofed organization’s brand and negatively affecting the bottom line.
One might think a spoofed website would be easy to uncover, but customers and even employees rarely notice the difference between attacker-controlled sites and legitimate ones, according to the Frost & Sullivan whitepaper “Managing Digital Risk: The Security Challenge Beyond Your Perimeter.” The paper adds that attackers now use tools and automation to efficiently spin up their efforts, enabling “fast-moving attacks that are difficult for most organizations to discover, let alone counter.”
And brand spoofing doesn’t appear to be going away. According to Mimecast’s State of Email Security 2021 survey, brand impersonation incidents or counterfeit websites increased at 42% of the respondents’ companies, while an even greater number (47%) reported a rise in malicious email spoofing that made fraudulent use of their company’s domain. Mimecast’s State of Brand Protection Report found that all brands are at risk. Even two small banks were surprised when they learned they were averaging 10 to 15 brand impersonation “takedowns” per month once they became proactive.
The Problem with Manual Brand Protection Strategies
Given the growing issue, many companies are putting strategies in place to combat domain spoofing and brand impersonation. However, those strategies tend to be manual — and thus costly.
“The budgetary impact on an organization using manual processes to detect, investigate and eliminate cloned websites can be significant,” notes Frost & Sullivan. The firm’s research shows a security analyst in the United States earns between $58 and $116 per hour, depending on the state and level of experience. The firm estimates that it can take between 24 hours and four weeks of labor to detect and take down a cloned website, which means it can cost between $1,392 and $13,920 for a security analyst to tackle just one spoofed site. According to the study, a midsize enterprise may encounter an average of six cloned sites per month, and the number of clones tends to increase as the size of the company increases.
With additional costs such as legal fees, fines associated with data leaks, and loss of current and future business, the price tag for manual online brand protection can rise to more than $1 million per year for a midsize enterprise, according to Frost & Sullivan.
Here is the firm’s cost breakdown for manual online brand protection:
| Metric | Manual brand protection |
|---|---|
| Mean time to detect a spoofed website | Several weeks or months |
| Mean time to resolve | 336 hours or more |
| Number of customer-side analysts involved | 5 to 20 |
| Hours spent on online brand protection | 160 hours per month |
| Monitoring frequency | Sporadic/when time allows |
| Websites evaluated per year | Thousands per year |
| Cost per attack | Up to $13,920 |
| Cost to monitor and protect one domain per year | Up to $1,002,240 |
| Annual legal fees per year | Up to $144,000 |
The Cost Advantage of Automation
Given the amount of money it can cost to protect a brand via manual processes, does it make fiscal sense? Online brand protection requires constant, intelligent, real-time monitoring and scanning, advanced threat intelligence, access controls and authentication services, and user security awareness training. These needs are too many, and attackers too savvy, for companies to manage potential exploitation without an automated online brand protection platform.
Automated solutions can run quadrillions of targeted scans to detect, block and take down not only spoofed websites but also the phishing emails that lure users to the sites by impersonating brands’ domain names. Some solutions can even identify previously unknown attack patterns and block compromised assets at the earliest possible stages, before they become live attacks.
In fact, companies that adopt an automated online brand protection platform can expect to significantly reduce costs and free up in-house security and IT professionals for other critical tasks.
Here is Frost & Sullivan’s cost breakdown for companies using an automated online brand protection platform:
| Metric | Automated brand protection platform |
|---|---|
| Mean time to detect a spoofed website | Between seconds and three hours |
| Mean time to resolve | Between seconds and three hours |
| Number of customer-side analysts involved | 1 (for a 10-minute telephone call) |
| Hours spent on online brand protection | 1 hour per month |
| Websites evaluated per year | Billions per year |
| Cost per attack | Up to $1,000 |
| Cost to monitor and protect one domain per year | $12,000 to $60,000 |
| Annual legal fees per year | $0 |
Whether an organization decides to manually manage online brand protection or leverage an automated platform, it must also take into consideration potential hidden costs. For example, a delayed response (or no response) to a spoofed site, especially one that harbors malware, may incur the loss of customer trust, ransom demands, loss of potential revenue, and regulatory fines that can come with data breaches.
The Added Benefits of Automation
Organizations should look for automated brand protection solutions that combine proactive intelligence, 24/7/365 scanning for site impostors and look-alikes, threat detection capabilities and the ability to remediate issues through strong relationships with domain registrars, hosting providers, certificate authorities and others. Solution providers like Mimecast also deliver dedicated cyber analysis and user security awareness training.
The right security vendor partner will be cost-effective and less resource intensive, while enabling organizations to protect themselves from sophisticated and fast-moving attacks against their online brands.
The Bottom Line
While capable companies may think managing online brand exploitation internally and manually will be cost effective and successful, the reality is that most organizations don’t have the resources for it. Effective brand protection requires an automated, holistic approach to block these growing threats.