Following our announcement that I have joined the RiskIQ team, I thought it would be appropriate to follow-up with some high-level advice regarding digital brand cyber security management. To build out a robust brand cyber security program, you should start with these four steps:
1. I highly recommend creating a cross-functional team or steering committee of all relevant stakeholders to own digital threats. These stakeholders may include parties from Legal, Brand Protection or Product Integrity, the CISO, IP, Risk Management and Compliance, Privacy, Finance, and Communications, together with your technology partner and incident response team.
2. Develop KPIs and metrics to review quarterly progress with the team. Metrics should look at how many new potential incidents were identified, how many of those potential incidents were confirmed for action, whether the action is in progress or completed successfully, and whether any of the threats have become tenacious. Make sure you are categorizing the category of threat, whether it be in a mobile or Web environment, for example, and whether it is social, involves malware or phishing. Always consider potential privacy implications.
3. Set up a budget for dispute resolution proceedings and not just takedowns; some digital threats are best handled by getting the domain under your management and control from a risk management perspective. It’s also a nice way to build up evidence of successful policing to strengthen your brand assets.
4. Finally, use technology that provides all relevant stakeholders in your organization with the capability to detect and manage their area of responsibility within a broad range and depth of digital threats. Preferably, the solution will handle the digital threat workflow from detection to remediation, including the escalation workflow for persistent threats. This requires the technology to serve as an interface with relevant players across Internet governance, from those managing Internet resources to those resolving DNS queries or coordinating access, and of course, with private network operators as well as with end-users, registrars, ISPs and registries, content and advertising intermediaries, CERTs, and industry consortiums.
RiskIQ is a digital threat management company that provides comprehensive coverage across all digital channels—web, social, and mobile—monitoring the digital presence of any organization from a single platform. With our platform, organizations can follow these four steps to successfully manage their brand cyber security.