Marketers and Cybersecurity Teams Must Team Up For Brand Safety

What’s the difference between marketing and cybersecurity professionals? Marketing pros aim to bring people in, while cybersecurity pros aim to keep people out.

Traditionally siloed due to conflicting motivations, marketing and cybersecurity must tag-team in order to achieve brand safety in a digital environment rife with online brand impersonation attacks. Without close collaboration, marketers are often left unaware of brand exploitation attacks that betray their customers’ hard-earned trust. Meanwhile, cybersecurity teams can’t always discern spoofed domains from legitimate domains — especially when marketing teams regularly rely on third-party email communication partners to send emails on their behalf.

As evidenced by Mimecast’s The State of Brand Protection 2021 (SOBP) report, marketing and cybersecurity can work together to devise effective online brand protection strategies that not only help protect the brand and its customers, but also marketers’ leads.

Marketers Regularly Caught Unaware of Online Brand Exploitation

Counterfeit goods, trademarks and copyrights are obvious to brand marketers. Online brand impersonation? Not so much. As evidenced by the SOBP report, brand safety is a fast-growing issue that marketers remain largely unaware of. Worse, the same digital marketing techniques they use to deliver the right message to the right customer at the right time are being exploited by malicious actors who impersonate their brands to prey on customer trust.

For example, brands regularly use digital marketing technology to engage with customers and prospects, often through email. These tools generally boast a large ROI, with email marketing in the range of $42 for every $1 spent.[1] But email has an inherent security flaw that allows malicious actors to send fake emails on a brand’s behalf, thereby tricking unsuspecting customers — and even a company’s own employees — into falling for cyberattacks. In fact, Mimecast’s The State of Email Security 2021 report found that 47% of respondents are fending off an upswing in malicious use of email spoofing that made fraudulent use of a company’s domain. Similarly, 42% of respondents found that illicit use of a company’s brand to create counterfeit websites is a growing danger.

Worse, people are clicking. According to the SOBP report, 40% of consumers don’t hesitate to click on links in emails from their favorite brands, while the SOES report found employees are clicking on three times as many malicious URLs in emails as they had before the COVID-19 pandemic began. This is an issue: Brand impersonation attacks hurt customers by stealing personal information, sparking fraud or launching malware attacks. In return, customers are more likely to associate that unsettling experience with the brand and may be less likely to click on links or engage in future email interactions.

It’s Difficult to Discern Legitimate Brand Use from Exploitation Attempts

While marketers work diligently to acquire new customers, their efforts unfortunately make the cybersecurity team’s jobs more difficult. For example, one vital online brand protection measure, enforcing the DMARC email authentication protocol, requires careful assessment of all domains sending email on a brand’s behalf. This can be a lengthy process depending on how many domains a brand has — as well as how many service providers are sending emails on behalf of the organization. Marketing teams that regularly rely on email must be sure their emails are seen as legitimate and not landing in spam folders or rejected, which would quickly chip away at that $42-to-$1 email ROI figure referenced above.

Further, it’s not uncommon for companies to have dozens or even hundreds of domains used for different products, offerings or audiences. This complicates the cybersecurity team’s search to shut down malicious spoofed web pages that pave the way for cybercrime while diverting potential customers away from legitimate web pages.

Before cybersecurity teams can effectively use DMARC and other brand safety measures like online brand protection solutions, they must carefully collaborate with marketers — and other relevant business departments — to suss out all illegitimate senders and illegitimate domains that use your brand to fool unsuspecting customers. Otherwise, they risk interfering with marketing efforts by blocking legitimate emails and taking down genuine websites.

Bridging the Gap Between Marketing and Cybersecurity

Unfortunately, marketers (and other business units) often don’t recognize the extent to which their brand is being maliciously used until they begin proactively monitoring for it. Therefore, the best practice to make sure your entire company understands what’s at stake is to reveal the problem through a proof of concept. This can open key stakeholders’ eyes to the severity of the issue, but only if cybersecurity teams know how to carefully and clearly communicate the issue in a way anyone can understand.

Making the case for an online brand protection strategy involves two parts:

1. Start monitoring email with DMARC: But instead of trying to explain DMARC in all of its technical terms, set up a proof of concept to track how often fraudsters are sending emails on your brand’s behalf. It’s free if you do it yourself, and the results can be astonishing: One SOBP interviewee discovered 300,000 illegitimate emails being sent on behalf of his company’s brand. Clear figures will help illustrate brand exploitation in a universally understood way, so marketers, leadership and other key stakeholders are more likely to take it seriously.
2. Use an online brand impersonation protection solution: The right tool will monitor the web, 24/7, to spot every time a bad actor creates a malicious web page that spoofs your brand — and then rapidly take the criminal down. After deploying an online brand impersonation protection solution, one SOBP interviewee reported more spoofed malicious websites than anticipated, and marketing quickly became active partners after seeing the service’s capabilities. The service also helped the cyber team provide C-suite executives with key metrics like monthly takedowns over time, which helped leadership agree to the business value of adopting such a solution.

The Bottom Line

As one SOBP interviewee put it, “It’s cybersecurity’s job to ride sidesaddle with marketing.” By shooting down fraudulent emails and fraudulent websites, cybersecurity teams can make it easier for marketers to build their brands. But marketers must play an active role to ensure only illegitimate emails and websites are blocked and taken down — otherwise, they risk damaging their lead potential.

[1] CMO's Guide to Email Marketing ROI, Litmus