It's as if not a day goes by when there isn't news about some national brand getting hit with a data breach. High profile breaches at large chains such as Target and Home Depot saw the records of tens of millions of customers stolen. While executives at these brands have an understanding of what the impact of a data breach can do to a brand's reputation as well as the legal ramifications, they do not have the information they need at their disposal to make educated decisions.
Seems like no brand is immune, even as marketing budgets rise in the quest to protect brands from such attacks which is getting harder and harder to keep up with. In 2015, attacks such as data breaches seem to have taken place at brands under the radar and in a wide range of industries. These attacks were ones that did not receive any media coverage but affected those brands in a multitude of ways.
Even as the threats are always on the rise, the patterns are becoming more and more clear. This makes it easier for brands to protect themselves and their data. Being able to identify threats before they strike is necessary to keep adopting the correct measures to provide maximum protection.
Cyber thieves are always investing in malware, and increasing their research while they develop highly unique pieces of malware on a constant basis, that can threaten sophisticated global payment infrastructures. These pieces of malware are often not identified by detection systems for days, weeks and sometimes months after they are released.
Malware distribution is becoming highly sophisticated as the attacks leverage a strategy that brands have been adopting to protect their data against theft, the protocol known as HTTPS. This strategy encrypts information, and it is more often used than not to protect data. But, alas as highly common in the cyber thievery world, attackers find inventive ways to use the technology that organizations employ in their favor, such as being able to hide malware from the sophisticated firewalls that organizations implement. An example of this would be the use of a banner ad that hackers placed on the Yahoo! News site which enabled them to distribute malware to over twenty seven thousand Internet users in Europe per hour for a few days.
There are more attack trends coming up faster than you might think. Organizations must be prepared to transform both their security processes and infrastructure. Highly sophisticated (more than there is out there currently) malware will target smartphone users as well as users of wearable technology such as watches. Bitcoin and other digital currencies will see more attacks and it will get more personal, as home networks and the utilities that steer them will be part of a more vast array of DDoS (Denial of Service) attacks.
So, the question is, what will you be doing to protect your brand to ensure maximum safety for your brand as well as customers? Firstly, knowledge is paramount. You need to implement security that is round the clock as well as train your employees to always be on guard if they notice something fishy.
I expect to see two step authentication becoming more prevalent with the combination of passwords, and identification methods such as voice prints and finger print technology, This type of verification is highly promising and worth looking into as it can more often than not stop hackers on taking advantage of any opportunities to steal data.
All in all, brands need to keep educating themselves on next generation technologies such as firewalls and intrusion prevention systems to maximize protection for themselves and their customers.
As predicted by most Internet security experts, 2015 was a year that was robust in attacks of the cyber variety and the vast array of different types of attacks that become more cunning and a new slew of attack methods. With the cybersecurity arena in a constant state of evolution, solutions for protection must be quick to match and predict attackers' thinking.
It doesn't appear cyberthievery will be slowing down anytime soon and below I identify 4 trends that brands need to be on the lookout for in their quest to protect their brand.
In the age of big data, data that is collected by apps, is moving front and center in a bid to maximize the user experience. This also translates to app makers having to make security the centerpiece of their app development that cover a wide variety of mobile devices. The most simple mobile app, when possessing a vulnerability can lead to an entire corporate network being compromised.
In 2016, I see an increasing number of companies recognizing this threat for what it is and conduct vulnerability assessments that pinpoint potential lapses in security among their apps and networks. This includes monitoring releases and patch update levels, configuration issues of network equipment such as user authentication and verification.
The number of devices joining the Internet of Things continues to surpass expectations. This only increases the levels and avenues where threats can fester, develop and attack. Industries and markets not considered only a short time ago have become prime targets. I feel the time is now to include security against such attacks as a priority. The problem is that those who design for IoT do it with the customer's convenience in mind and engineering for securityis not at top of mind.
I feel that throughout 2016, these security issues will come to the forefront and put the much needed pressure on the manufacturers of those devices to look at this as a serious issue. Consumers need to be vigilant and remain so until they are given assurances by device manufacturers that their products conform to the highest security standards. As things such as heart monitors and other wearable devices, cars and other household goods become part of the IoT universe it could potentially cause a chaos of sorts if not given the utmost attention.
The rapid growth of the industry that followed the Big Data trend, analytics has led to organizations embedding that data within their organization at the highest levels of decision making processes as well as operations. Companies need to realize that this data is not just a bunch of letters, characters and other input, but there is a human element to analyzing data. The key challenge in all of this is maintaining data integrity. Otherwise, the resulting analyses will lead to weak and missed businesses opportunities, lousy decisions, damage to the brand and a hurting bottom line.
I predicted that Cybercrime would continue on it's rapid journey through more industries in 2015. 2016 will be no different. Cybercrime and Hacking along with lack of investment in brand protection can all be the ingredient to create a perfect storm of threats. Those companies that invest time and financial resources to counter these threats will be the best positioned to weather this storm.
Let's face it. A few short years ago, crime pretty much only existed in the real world. Cyberspace has become a highly attractive breeding ground for scammers of all sorts who are on the prowl to make money, disrupt both political and financial operations, and some. yes some. Do it just for the heck of it. These events can be of high impact and organizations need to prepare for the worst, as it is not something that can be predicated and it can do irreversible damage.
In 1999, Kevin Ashton a British Entrepreneur coined the term the Internet of Things (IoT) to describe things in our everyday lives which are embedded with electronics of some type that allow them to exchange information over the Internet.
In a paper from 2014, from Brand Perfect, it was stated:
“When you buy things that are embedded in the internet of things, it changes your relationship with the company you buy it from.” This directly ties to branding and the relationship between the company and the consumer.
It really boils down to trust. When a consumer buys a smart product, they are giving up control of the device to some algorithm which will drive the device to behave on the customer's behalf. It's the same when you're a passenger in one of those driverless cars. You gain a deep understanding of the complexity. The sensors that exist in the vehicle's infrastructure as well as sensors installed in other vehicles would plan the best and safest route, updating the route as needed and notifying the passenger of the estimated time of arrival.
For example, Target thought they had identified the signs related to someone having a baby. They just made the mistake of sending a 17 year old congrats which was intercepted by her parents. They were not too happy. In the age of big data, companies need to be extremely careful what they do with it and how they use it to engage consumers. Companies that do a good job with this data will be winners, those that slip up and the word will spread, will have a difficult time with customers.
Data needs to build trust. Brands need to know what they want to stand for. A brand that ventures into the World of IoT needs to be extremely cautious. There are certain concerns that exist for those wanting to venture into this space. When consumers buy a product that is embedded within the IoT, it changes their relationship with the company they bought if from.
You might have trusted them to this point with buying a toaster or a clock radio, but with IoT things get a tad more personal. They now have the access to user data about you. They'll uncover everything from how you go about your day, your schedule, your heart rate, your location at certain times. It really can't be anymore invasive.
Consumers will feel as if it is more of an intrusion up on their lives than anything. When that happens, they are likely to trust a brand less and perhaps brands that are doing it the wrong way, will notice the churn effect, as more fans leave than come on board.
Take insurance providers for example. Insurers are offering rebates and discounts and low premiums if they can monitor your driving and your habits. Everything from your tire pressure to your mileage, from your average speed to how many right turns you make. But, pretty soon, Cars will enter the IoT world in a big way, that these device will even be needed. They'll just know. How do consumers deal with something like that? Who will have control of the data. As smart as the IoT can be, it is up to us humans to be smarter and protect our data.
Along with all the threats to your brand, is a form of Cyber Squatting known as Typosquatting. This tactic pretty much relies on the chance that someone will spell your URL incorrectly and will allow the squatter to rob your brand of traffic, credibility and your bottom line. In order to protect your brand you need to be aware of the scenarios where these squatters will take advantage of the misspellings of your URL.
So, the main question is how does a brand protect itself from such threats. What can you do to minimize this threat and protect your brand?
When buying a domain from a domain provider such as GoDaddy, run a check on all the common URL misspellings and buy those domains in addition. The reason for this is you want to protect your brand from getting hijacked and stealing your traffic by pointing people to their phony URL of your counterfeited products for example, one with high resolution photos that they probably also stole from your website.
For example, a typosquatter might buy the domain name yahooo.com, only to have visitors go there and infect their computers with malicious spyware trojans, backdoors and a host of other threats. The visitor will unsuspectingly become a victim of having their computer hijacked.
An effective way of finding the most commonly misspelt variations of your domain name is to type your domain name as quickly as possible many times into a spreadsheet (100 x should work unless your fingers get tired). Sort them according to how many instances and you should deduce that after the correct typed URLs the most mistyped ones are the most common misspellings of your domain.
Purchasing Two Versions of your Domains To start, you should consider buying both the plural and singular version of your domain name. Another is to consider purchasing the name of your domain, both hyphenated and not hyphenated versions. This can also have SEO advantages. Your website might get placed in an adult category if you only register motorcyclesexpo.com as it might get parsed as motorcycle-sex-po.com instead of motorcycles-expo.com.
Purchase the most used domain extensions such as .org, .net and .com at minimum. Also you may want to check if there are any related new gTLDs to purchase that may tie in with what your site is offering.
A study made in 2014 that was jointly conducted by researchers at Leuven, a Belgian University and Stony Brook university in the US is considered to be the first study of typosquatting that is based on content.
The amount of data that was pored over was intense, 900GB of it to be exact. This data was extracted from over 3.3 million web pages and over 424,000 unique WHOIS records which was gathered over 7 months. When the study was concluded it was found that despite the fact that 95% of the popular domains investigated were actively targeted for typosquatting, very few of the legitimate trademark holders protected themselves again typosquatting by being proactive and registering their own misspelt domains.
The study went further in identifying the domains with the most proactive defensive registrations. The Huffington Post (.com) came out of on top with 57 registrations. American Express (.com) had 42 and Bloomberg (.com) had 39. What is alarming is that out of three top banks, only Bank Of America had registrations considered defensive.
I hope you choose to follow the tipcs above that will give you a strong proactive defense mechanism against becoming the victime of TypoSquatting.
Just as design and usability issues are important elements to opening a store online, another element of web strategy of paramount importance is typosquatting. If you do not realize its implications now, someone else will and it will be too late. Headaches in reversing this trend should wake domain owners up to protect their coveted brand from bad spellers looking to profit.Typosquatting AKA URL Hijacking consists of registering misspellings of a web address in the hope that visitors will visit their illegitimate alternate site and they will profit. Fat fingers especially on mobile devices can easily sneak an extra letter into a URL. A person not familiar with English might make an eror trying to spel it phonetically. Non native English speakers are a prime target to drive to alternate sites. If that URL is not owned by you, then someone looking for your site might be visiting a cybersquatter's site.
Typosquatting is a type of Cybersquatting and has been around since the early days of the web, when opportunity knocked for tech savvy individuals to earn a quick buck, sometimes many bucks, by selling the domains they purchase to their rightful owners.
Large brands and names have been the targets of Cybersquatting (which is illegal ever since the introduction of the anti-cybersquatting consumer protection act). Names of brand and people include Bruce Springsteen, Madonna, Avon, and Hertz among the many.
A nice size crowd of Illegal activities have gathered underneath the Cybersquatting umbrella. Good thing there's an umbrella, as victims of typosquatting are getting soaked, so much so that Typosquatting is estimated to cost brands collectively hundreds of millions and almost half a billion in impressions annually.
Sophos, a leading developer of online security hardware and software conducted an experiment in security by typing in one letter variations of the biggest names such as Google, Apple, Facebook and what did they find? By just applying mistakes with just one character in the real web address, they generated over 2,200 URLs.
Out of all the mistyped domains, 80% of them led to bogus websites, which were set up to deceive those who had trouble typing mistake-free URLs. Now, out of these 80%, below 3% of them were set up to commit some form of phishing, fraud or hacking). Most were just about making money in some way.
Given just the above (and there's a lot more. Trust me) the time may have come to protect your brand by following the mini action plan below.
Being proactive and having the knowledge can go far in helping to keep your brand and customers from this threat. Feel free to chime in in the comments section below. What do you do to protect your brand against cybersquatting?
Holiday season 2015 is quickly approaching, and with that is the season that is on the mind of consumers. Shopping season! With Ecommerce sales at an all time high, the convenience of online shopping means you never hsve to leave your couch. But, with that convenience comes risks. Lots of them. Now is the time to heed the warnings and protect yourself when doing your shopping online.
Whenever e Commerce rises (And it is a constant) so do the incidents of online scams. 2015 is no different and probably will be hit the hardest. As brands try to protect themselves, the online scammers are ready to come at them with full force. 2015 has been a banner year for data breaches and experts are expecting more breaches, identity theft, cyber attacks and online theft to hit consumers this holiday season.
So, you might be thinking what measures you can take to not become jut another victim. Below I've included some practical and basic tips that can help make this holiday season a safe one for consumers.
When you shop at your favorite website, ensure that the site has a URL that begins with HTTPS or has a symbol of a closed padlock as the one below. A website that uses HTTPS in its URL is one that is encrypted. This means that the information sent from the site can not be read by a third party. If you enter your personal information on a site that does not begin with HTTPS, you are leaving yourself open to your personal information being intercepted by scammers.
It is a best shopping practice to change passwords frequently (Every 60-90 Days). Use passwords that include random characters and numbers and store them in a safe place, even on a sheet of paper to prevent password theft.
Using multiple methods of payments for the different shopping site can ensure that you reduce the amount of damage to your accounts if there is a data breach at any of the online sites you have shopped. For instance, lets say you use Paypal attached to a credit card to pay at a particular site, use another credit card at a different one.
You may or may not know this, but cyber crime's top targets are sites we use everyday; Facebook, Yahoo, Google, Amazon. Lots of online retailers tell you to store your personal info on their sites for convenience purposes. However, this makes you more prone to your info or your identity being stolen. Sure, it's a hassle to enter you credit card info each time you want to make a purchase, but in the end you will be safer and won't have to worry of being a fraud victim.
Be aware of emails and SMS messages you receive which indicate that there is a problem or a question related to your financial accounts. This scam directs recipients to call a phone number or follow a link to correct a problem. The link will most likely direct you to reenter personal information such as PIN, credit card or bank account number and if you follow these instructions, more likely than not your information will be stolen.
Yet another scam will direct the recipient of an email or text message to a bargain website that looks too real to be fake. These professional looking websites usually use product photos directly from the authentic ones and will sell you phony goods, for ridiculously low prices. Be aware of these.
The Friday after Thanksgiving is known as the biggest shopping day of the year. The following Monday has come to be known as Cyber Monday when online retailers offer phenomenal deals on everything from electronics to toys to fashion. These two days are scammer paradises. As a consumer you need to watch out for any emails that promote one day sales from recognized brands. You need to be wary of these websites, as if you do a bit of investigation you will realize they are fake. Stay away from them!
Hope these tips help you become a safer shopper this holiday season! Please feel free to comment in the section below on ways you can help readers become safer and more educated consumers.