ISACA Birmingham. Michael Kiefer General Manager mkiefer@brandprotect.com. Agenda: Who owns listening/auditing the Internet? How does the Internet Ecosystem affect an organization? Who owns brand, revenue or reputation risk? Departmental risk opportunities
ISACA Birmingham Michael Kiefer General Manager mkiefer@brandprotect.com
Agenda:
• Who owns listening/auditing the Internet?
• How does the Internet Ecosystem affect an organization?
• Who owns brand, revenue or reputation risk?
• Departmental risk opportunities
• Is the Internet a Board issue, not a departmental issue?
Quote of the Day: There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know. --Donald Rumsfeld--
The basic message is simple: “Cyberspace is its own medium with its own rules. Cyberattacks, for instance, are enabled not through the generation of force but by the exploitation of the enemy’s vulnerabilities. Permanent effects are hard to produce. The medium is fraught with ambiguities about who attacked and why, about what they achieved and whether they can do so again. Something that works today may not work tomorrow (indeed, precisely because it did work today). Thus, deterrence and warfighting tenets established in other media do not necessarily translate reliably into cyberspace. Such tenets must be rethought. This monograph is an attempt to start this rethinking.” Rand Report to USAF, 2009
A Growing Threat
By the end of 2010, criminals will routinely use the Internet to extort funds from organizations, threatening to damage their corporate reputation by ensuring that routine online search requests will return negative or even libelous results…
"If your business depends on a positive Internet reputation, then you have little choice than to explicitly manage that reputation online. The Internet is like a bad-news Petri dish; negative information multiplies and spreads with frightening speed and becomes virtually impossible to erase."
2009 Internet World by SECOND: Outside the Firewall
• 2 New Blogs Created
• 2 Million e-mails Sent
• 7 PCs Sold
• 1,157 Videos Viewed on YouTube
• 7 People Logon For the First Time
• 11,000 Songs Shared
Internet Ecosystem Registrars Service Providers Legal Counsel Agencies International Law Enforcement Web Hosting
$1B losses: Who here is next?
http://www.thisistrue.com/dellhell.html
"I've recommended Dell computers for many years. But my confidence in them was shaken when I got a new laptop in Fall 2004, and I ended up in "Dell Hell""
Stella seeks support to shed ‘wife beater’ image
Audit? Why?
Complainant alleges that it owns federal common law trademark rights in the term xxxxx based on use in commerce in the United States and consumer recognition of the mark. Complainant alleges that the disputed domain names <xxxxx.com> and <xxxxxonline.com> are identical or confusingly similar to its trademark. Complainant contends that Respondent lacks rights or legitimate interests in the disputed domain names. Complainant indicates that Respondent has not been authorized to use its trademark in the disputed domain names, and that Respondent has not made any bona fide offer of goods or services under the trademark. Complainant alleges that Respondent registered and has used the disputed domain names in bad faith. Complainant argues that Respondent has attempted to disrupt Complainant’s business by preventing Complainant from using the disputed domain names, and by directing providing “dead links” to Internet users that may falsely create the impression that Complainant is no longer sponsoring events. Complainant further argues that Respondent acted in bad faith because he transferred the disputed domain names from Complainant without its knowledge or consent, and at least initially hid his identity behind a privacy shield.
$10M annual loss each, who owns?
Soft ROI:
• Identity theft via brands
  • offers
  • job boards
  • contests
• False endorsement claims
• Corporate reputation attacks
• “Pump & Dump”
• Real or impersonator employee commentary
• 10% customer dissatisfaction
• Customers die
Definable ROI:
• Counterfeit product marketing and sales
  • product
  • coupons
  • manuals
• Channel/Antitrust ?
• MAP
• Gray Market
• Unauthorized agents posing as authorized
• Traffic diversion schemes & SEO
• Document “leakage”
Counterfeiting
• A trillion dollar / year market or 10% of GGDP
• Counterfeit activities are usually not audited or monetized!
• If $1 million was missing from inventory or cash, an investigation would be launched, the law would get involved, the board would be notified.
• The Internet is the communication and monetization vehicle of the perps.
• $100M/year or more eBay alone in manuals*
*mk estimate 2009 consumer products only
Online Traffic Diversion
Business to Consumer example of Online Diversion cost:
1. Average monthly online visitors to your site: 30,000
2. Average monthly visitors diverted: 10%, 3000
3. Conversion rate to offending sites: 1.5%
4. Average monthly customers lost: (2) * (3) = 45
5. Annual loss of 540 customers (45 * 12 months)
6. Value/Customer: $300
7. Total cost of online diversion to competition: $162K
If $162,000 in cash was missing, would you investigate?
Reputational Loss
• Disney, September 28th, 2009 market cap of $51+B at $28.+/share
• Disney Online, 163M videos viewed/Google, August 2009*
• and by the way…
• http://disney-erotico.websitesporn.com
• http://disney-cruise-best-deals.air.servehttp.com
• http://disney.sex.com
* as reported by comScore, Inc. September 28th, 2009
Market Cap Loss
Teck Cominco, February 10th, 2009 market cap of $16B at $27+/share (Diversified resource company committed to responsible mining and mineral development with major business units focused on copper, metallurgical coal, zinc, gold and energy)
• Email Pump/Dump email scam linking to Yahoo! Finance
• Falsified financials found on Yahoo Finance
Stella Loss
• Estimated $400 million in annual lost revenue
• Overall damage to brand estimated at $1 billion
• Blog/Discussion Storm went undetected for six months
• No controls or processes in place to monitor domains and sub-domains, email spam, Internet chatter, brand logos, names, links, etc.
• Restart UK
• New Agency
• New Executive team
• New Brand diligence
Counterfeit Revenue Loss & Risk
US Health Science Summit Nov 2008
• $3.3 Trillion WW spend
• 10% of all global prescriptions counterfeit
Internet “Threat Assessment” Result:
• $20B+ Pharma
• $800M product
• 22,000+ infraction websites*
• Cost to company estimated at $80M Net Sales Annually @ 70%+ margin
Action: Nothing - $4M to fix not in budget, channel issue and making number
Reputational Loss Reputation Damage: The website http://www.dealbreaker.com/2007/01/merrill_lynch_super_model_sex.php is discussing a sex scandal that took place between a Merrill Lynch executive and a super model
Act: Mitigation Strategies Effective Action Plans are a combination of subject matter expertise with online intelligence.
In Closing
What if?
• we added 5% in top line revenue?
• we moved the meter on customer satisfaction, would that make a difference and lower our call center costs?
• our channels were clean and trusted, what would the ROI be?
• an antitrust case was logged and how would it affect us?
• we lost our reputation? (60% of market cap)
• experienced a 10% market cap loss, what would we pay for that insurance?
Bottom Line: CEOs and Boards are now INVOLVED, as MARKET VALUES are affected…NO ONE OWNS it!
Vendor Requirements
• Listen to the Internet continuously in host languages
• Internet Data Mining capability
• Understand & Embrace Social Media
• Track Internet Linkages & Associations
• 24x7 Internet Incident Response
• Relationships with the 4,000+ Global Internet Service Providers & Certs
• Monitoring of your marks and messaging (IP and Images)
• Global Enterprise visibility & workflow
Appendix Thank You and Questions?
UNIQUE Capabilities
“As blogs, message boards and social network sites continue to dominate the Internet culture, brand-monitoring services and security vendors must extend their technologies and services to cover these areas. Only Brandimensions and Cyveillance offer such services.” Gartner, Notes on Brand Monitoring firms