Anyone who has paid attention to politics in the past few years has seen the impact that bot attacks and the spread of misinformation can have on a candidate’s campaign. But these kinds of attacks are not limited to politics, and marketers need to make sure they are prepared to combat a variety of threats online that can cause damage to their brand’s reputation, including bots, brand impersonators, data breaches, and even coordinated attacks from entire nations.
PM360 spoke with Otavio Freire, Co-founder, CTO, and President of SafeGuard Cyber, a company that specializes in end-to-end digital risk protection, about which threats companies need to be most aware of and what they can do to make sure their brand is safe.
PM360: What do you feel are the biggest threats that brands face online?
Otavio Freire: It’s becoming more complex, so you have to think of it as a spectrum rather than a discreet list of threats. One area of attack—all of the things that hurt the brand. For example, an account takeover, when you don’t control your digital assets, and someone pretends to be you and creates brand infringement. Then there are also things such as distributive threats where folks are attacking your personnel to try to extract information. Another is IP theft, which is also very problematic.
Focusing on attacks on the brand, how can companies protect people from impersonating their brands online?
Companies can work with social media platforms to gain access to ways to search through all of that data on the internet—the deep web, dark web, and social media—to find folks that try to defraud the brand. The number of false positives you can gather in a situation like that are incredibly high, but using advanced technology such as AI and machine learning you can find what is taking place across your digital footprint at scale and in real time. And once you find something, you must initiate the takedown process. If someone is violating your brands and your trademarks, then there are controls in place on the internet and social media channels that allow you to take down digital assets. Ultimately, it’s not just about finding them—it’s about doing something about the folks that are hurting your brand.
Bot attacks are another area in social that are being used to hurt brands. Now, we have seen this more in politics, but is this something that can also be used against pharma brands?
This is a new phenomenon. Think of it as a ransomware for brands. And you’re right, while this came out of politics, it is being used against other brands now as well. Folks can organize these networks of thousands and thousands of bots to attack a brand’s reputation at massive scale until they are paid or forced to stop. For example, in pharma, someone could target a highly visible consumer brand by creating misinformation about side effects. The key to combat that is to identify those bot networks that are attacking a brand early and take them down in order to avoid getting into a situation where you have to pay ransom.
Data breaches are another possible threat that includes companies losing information about their brands, employees, and even their customers. How can companies prepare against this?
Companies can learn a lesson from recent breaches, especially those where hackers left evidence or bragged about it on social media. You cannot remain reactive—you have to be proactive. I think the pharma industry is waking up to the fact that they’ve got a lot to lose if this were to happen to them. Reputation of a brand can be 19% or 20% of its’ value, and patients certainly take that into consideration when comparing it with a generic brand. An enterprise must understand what all their assets are, understand their vulnerabilities, and continually scan for risks. Smart brands are certainly putting these kinds of controls in place.
What other threats do companies need to be aware of that can possibly hurt their brands on social media or elsewhere online?
One of the big threat vectors of brand reputation is one-to-one mobile applications, such as WhatsApp, LINE, and Telegram. Sanctioned or not, pharma employees and field reps have adopted these channels to communicate with HCPs, including information about brands. Companies need to protect these channels to empower sales teams while also protecting sensitive information and assuring compliance.
Another element that has risen to the forefront is the emergence of nation states within the mix of attackers. It used to be that you were attacked by a hacker or hacker groups, but now nation states are attacking the most valuable companies in the United States. I feel like organizations are not aware that these attacks are sophisticated and part of national plans.
For instance, the biotechnology industry is in the crosshairs of China’s new five-year plan, and what are called APT threats line up nicely to that plan. So if you’re a biotech company and you realize that the nation of China wants to get access to your intellectual property or pharmaceutical research through social media and digital channels, then suddenly you grasp that the stakes are much higher than if it were just a hacker group. We want to make sure more people understand that.