Should the CMO manage cybersecurity budget to protect the brands?

Werno Gevers, Cybersecurity Expert, Mimecast.

Middle East organisations are growing wary of criminals exploiting their brands to target their customers, partners or the general public. According to the latest Mimecast State of Email Security Report, 74% of organisations in Saudi Arabia and United Arab Emirates are concerned about a web domain, brand exploitation or site spoofing attack. Cybercriminals are acutely aware of the ease with which they can register lookalike domains and launch sophisticated attacks impersonating trusted brands that are nearly indistinguishable from the real thing.

It has become common for malicious actors to use our favourite retailers or other loved brands and services to trick people into handing over money or sensitive information. And it’s becoming harder for these brands to continue to avoid responsibility. Local concerns outweigh global averages, with 50% of UAE organisations admitting they are very concerned about an attack that directly spoofs their email domain, compared to a global average of 40%.

It is critical that organisations look beyond the perimeter to determine how threat actors are damaging their brands online. As a start, they need to adopt Domain-based Message Authentication, Reporting and Conformance (DMARC), an email validation system designed to uncover anyone using a brand’s domain without authorisation. This means brands can monitor who is sending mails on their behalf and instruct receiving servers to reject unauthorised emails. This helps protect receivers from falling victim to fraudulent mails.
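As an added illustration (not from the original article or from Mimecast), the Python sketch below audits a published DMARC record for the two capabilities described above: reporting on who sends mail for the domain (the rua tag) and instructing receivers to reject unauthorised mail (p=reject). The function names and sample records are assumptions constructed for this example, and example.com is a placeholder domain.

```python
# Added example: audit the value of a DMARC TXT record (RFC 7489 tag=value list).
# Records are passed in as strings so the check runs offline; no DNS lookup is made.

VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Split a DMARC record into a {tag: value} dict; raise ValueError if malformed."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts:
        raise ValueError("empty record")
    tags = {}
    for i, part in enumerate(parts):
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        name, value = name.strip().lower(), value.strip()
        # RFC 7489: the version tag must come first and be exactly DMARC1.
        if i == 0 and (name != "v" or value != "DMARC1"):
            raise ValueError("record must start with v=DMARC1")
        tags.setdefault(name, value)  # keep the first occurrence of a tag
    return tags

def audit_dmarc(txt):
    """Return a list of findings; an empty list means the record rejects and reports."""
    tags = parse_dmarc(txt)
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        findings.append("missing or invalid p= policy")
    elif policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: spoofed mail is filed as spam, not rejected")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports on who is sending")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) > 100:
        findings.append("invalid pct= value")
    elif int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    if tags.get("sp", "").lower() == "none" and policy != "none":
        findings.append("sp=none: subdomains are left unprotected")
    return findings

if __name__ == "__main__":
    # Constructed sample records for a placeholder domain.
    for record in ("v=DMARC1; p=none",
                   "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"):
        print(record, "->", audit_dmarc(record) or "OK")
```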

There is an argument to be made for the CMO to take ownership of this budget since they are typically responsible for their brand’s reputation, but our research revealed this is the case at only 14% of UAE and Saudi Arabia organisations. What’s critical is having budget set aside for this important element of cybersecurity. And the budget owner also needs to work closely with the organisation’s security leader to make the right purchasing decisions.

All of the countries surveyed in this year’s report expect web and email spoofing attacks to increase in the coming year, but Saudi Arabia and UAE organisations were among the ones on highest alert, with 52% and 54% respectively predicting an increase. It therefore makes sense to have a dedicated senior resource looking after the organisation’s online brand integrity. On average UAE organisations were made aware of six web or email spoofing attacks in the last year, while Saudi Arabia organisations were made aware of seven. Of course, those are just the ones they were aware of, and if left unchecked, brand spoofing could have devastating effects on the brand’s reputation.

Standard web and email security strategies are no longer enough. Organisations need to protect their brands online and ultimately protect their customers and supply chains by preventing fraudulent senders using their domains or lookalike domains.


Key takeaways

• It has become common for malicious actors to use favourite retailers or other loved brands and services to trick people.
• Standard web and email security strategies are no longer enough.
• Organisations need to protect their brands online and ultimately protect their customers.
• What is critical is having budget set aside for this important element of cybersecurity.