In the era of digital transformation, every company needs a CISO. In the ongoing war against ad threat attacks, there’s good news and bad news. The good news: Between Thanksgiving and Cyber Monday in 2019, the rate of digital ads containing lower-risk malvertising declined to .07 percent compared to 1.25 percent in 2018. The bad news: More than 60 percent of holiday ad threat attacks were far more malicious exploits.
Now more than ever, publishers and advertisers must remain vigilant to combat online security threats that constantly seek to steal the private data and credit card information of consumers. Preparedness begins with an understanding of the threat itself, and what it means for a company’s security efforts.
Understanding Ad Threats
First things first: What is an ad threat?
Many executives are well aware of ad fraud, in which bad actors manipulate marketers into paying for fraudulent ad views. Ad threat, however, is a different breed of trouble. Ad threat represents the weaponization of AdTech to distribute malware, trojans and other malicious attacks to consumers, in addition to defrauding marketers and publishers.
Ad fraud typically refers to efforts by criminals to steal advertising revenue from publishers and advertisers, victimizing brands and website owners. Ad threat instead refers to attacks that victimize audiences, users, and citizens who interact with websites and online applications. By exploiting ad tech vendors, cybercriminals can run scams, collect sensitive data, and distribute malware. Given the ever-tightening regulatory environment around consumer data and privacy, these attacks are increasingly exposing companies to huge potential fines, not to mention alienated customers.
- Abuse of a service provider’s code: Bad actors abuse service provider code by creating fake accounts with ad networks and using that company’s ad tags to deliver exploits onto sites, without ever needing to compromise the target company’s servers.
- Partner exploitation: In the case of attacks that look to steal information from checkout and login pages, attackers look for third-party partners on those pages and identify those that are most easily compromised. That code is then used to gain access and collect user data as consumers are entering it.
Shoring Up Vulnerabilities
While the proliferation of ad fraud has long been viewed as a problem for Marketing teams to address, ad threat security gaps represent serious potential breaches that must be monitored and managed by security teams. After all, it’s not just ad revenue and user experiences that are at stake.
Executives looking to avoid similar fates need to start by creating cultures of security within their companies. That means ensuring CTOs, CISOs or CIOs—whoever spearheads data security within your organization—have the resources needed to maintain site safety and security across all emerging areas of threat. (You might even consider appointing your CISO or CIO to sit on the board.)
It’s also important for companies to regularly evaluate security risks and mitigators across all departments and emerging technologies. Meanwhile, be sure to review your cybersecurity insurance to make sure that your organization has the right controls and mitigators in place to meet the requirements.
Above all, remember: Online security is an ongoing journey, not a destination. As bad actors evolve, it’s imperative that company executives be constantly reevaluating their practices to ensure they’re always one step ahead.