Mark Dargin is an experienced security and network architect/leader. He is a Senior Strategic Security Advisor, advising Fortune 500 organizations for Optiv, the largest pure-play security risk advisory organization in North America. He is also an Information Security & Assurance instructor at Schoolcraft College in Michigan. Mark holds an MS degree in Business Information Technology from Walsh College and has had dozens of articles published in the computing press. He holds various active certifications, including the CRISC, CISSP, CCSP, PMP, GIAC GMON, GIAC, GNFA, Certified Blockchain Expert, and many other vendor related certifications.
In this timely and relevant interview, Senior Strategic Security Advisor for Optiv, Mark Dargin, shares insights into why organizations must elevate brand protection strategies, how to leverage AI for brand protection and how to protect a brand from AI-based threats. It’s all here!
1. For our audience members who are unfamiliar, perhaps share a bit about why this topic is of increasing relevance, please?
The internet is now the primary platform used for commerce. This makes it much easier for brand impersonators, and counterfeiters to achieve their goals. As a result, security and brand protection are essential. According to the U.S. Chamber of Commerce, counterfeiting of products costs the global economy over 500 billion each year.
Use of emerging technologies, such as artificial intelligence (AI) and deepfake videos — which are used to create brand impersonations — has increased significantly. This AI software can imitate exact designs and brand styles. Deepfake videos are also occasionally used to imitate a brand’s spokesperson and can lead to fraudulent endorsements.
Large language models (LLMs), such as ChatGPT, can also be used to automate phishing attacks that spoof well-known brands. I expect for phishing attacks that spoof brand names to increase significantly in sophistication and quantity over the next several years. It is essential to stay ahead of technological advancements for brand protection purposes.
2. How can artificial intelligence elevate brand protection/product security? What specific challenges does AI address that other technologies struggle with?
Performing manual investigations for brand protection can require a lot of time and resources to manage effectively. It can significantly increase the cost for an organization.
AI is revolutionizing brand protection by analyzing vast quantities of data, and identifying threats like online scams and counterfeit products. This allows brands to shift from reacting to threats to proactively safeguarding their reputation.
AI can increase the speed of identifying brand spoofing attacks and counterfeiting. Also, it can dramatically shorten the time from detection to enforcement by intelligently automating the review process and automatically offering a law enforcement recommendation.
For example, if a business can identify an online counterfeiter one month after the counterfeiter started selling counterfeit goods vs. six months later, then that can have a significant, positive impact on an organization’s revenue.
3. In your experience, what are the most common misconceptions or concerns that clients express regarding the integration of AI into brand protection strategies? How do you address these concerns?
If used correctly, AI can be very beneficial for organizations in running brand protection programs. AI technologies can help to track IP assets and identify infringers or copyright issues. It is important to note that AI is an excellent complement to, but cannot fully replace, human advisors.
There are concerns amongst security and brand protection leaders that AI will cause their investigative teams to rely solely on AI solutions vs. using human intuition. While tools are important, humans must also spend an adequate amount of time outside of the tools to identify bad actors, because AI tools are not going to catch everything. Also, staff must take the time to ensure that the information sent to the tool is correct and within the scope of what is required. The same goes for the configuration of settings. At a minimum, a quarterly review should be completed for any tools or solutions that are deployed.
Leaders must ensure that employees do not solely rely on AI-based tools and continue to use human intuition when analyzing data or identifying suspicious patterns or behaviors. Consistent reminders and training of employees can help aid in this ongoing process.
Training in identifying and reporting malicious use of the brand name and counterfeiting should be included for all employees. It is not just the security team that is responsible for protecting the brand; all employees should be part of this ongoing plan.
4. Can AI-based brand protection account for regional, local or otherwise business-specific nuances related to brand protection and product security? Ex. What if an organization offers slightly different products in different consumer markets?
Yes, AI brand protection solutions can account for these nuances. Many organizations in the same industry are working together to develop AI-based solutions to better protect their products. For example, Swift has announced two AI-based experiments, in collaboration with various member banks, to explore how AI could assist in combating cross-border payments fraud and save the industry billions in fraud-related costs.
We will continue to see organizations collaborate to develop industry-specific AI strategies for brand protection based on the different products and services offered. This is beneficial because attackers will, at times, target specific industries with similar tactics. Organizations need to account for this. Collaboration will help with protection measures, even in simply deciding on which protection measures to invest in most heavily.
5. Reflecting on your interactions with clients who are exploring AI solutions for brand protection, what are the key factors that influence their decision-making process? (ex. Budget, organizational culture, perceived ROI).
From my experience, the key factor that influences decision-making is the perceived return on investments (ROI). Once the benefits and ROI are explained to leaders, then it is less difficult to obtain a budget for investing in an AI brand protection solution. Many organizations are concerned about their brand name being used inappropriately on the dark web and this can hurt an organization’s reputation. Also, I have found that AI security solutions that can help aid an organization in achieving compliance with PCI, GDPR, HITRUST, etc., are more likely to receive approval and support from the board.
Building a culture of trust should not begin when change is being implemented; but rather in a much earlier phase of planning or deciding on which changes need to be made. If an organization has a culture that is not innovative, or leaders who do not train employees properly on using AI security tools or who are not transparent about the risks of it, then any investment in AI will face increased challenges.
AI’s high level of refinement means it can reduce the time and increase the scope of responsibility for individuals and teams performing investigations, enabling them to focus on other meaningful tasks. Investigations that were once mundane become more interesting due to the increased number of unique findings that AI is able to provide.
Due to the time saved by using AI in identifying attacks, investigators will have more time to pursue legal implications; ensuring that threat actors or brand impersonators are given legal warnings or charged with a crime. This can potentially discourage the recurrence of an attack from the specific source that receives the warning.
6. Could you share insights from your experience integrating AI technologies designed for brand protection into comprehensive cyber security frameworks? Lessons learned or recommendations for CISOs?
Security and brand protection leaders are seeing criminals use artificial intelligence to attack or impersonate brand names and they can stay ahead of those threats by operationalizing the NIST AI Risk Management Framework (AI RMF), and by mapping, measuring, and managing AI security risks. The fight moving forward in the future is AI vs AI. It is just as important to document and manage the risks of implementing AI as is to document the risk of attackers using AI to attack your brand name or products.
Leaders need to start preparing their workforce to see AI tools as an augmentation rather than substitution. Whether people realize it or not, AI is already a part of our daily lives, from social media, to smartphones, to spell check, to Google searches.
At this time, a task that was a challenge before can be done a lot faster and more efficiently with the help of AI. I am seeing more leaders who are motivated to educating security teams on the potential uses of AI for protecting the brand and in preventing brand-based spoofing attacks. I see this in the increased investments in AI-capable security solutions that they are making.
7. Would you like to speak to Optiv’s partnership with Check Point in relation to using AI-based technologies for brand protection/product security? The value there?
Attackers target brands from reputable companies because they are confident that these companies have a solid reputation for trustworthiness. Cyber criminals also know that it is difficult for companies, even large companies, to stop such brand impersonations by themselves, if they do not have appropriate tools to aid them.
Optiv and Check Point have had a strong partnership over many years. Check Point has a comprehensive set of AI solutions that I had the luxury of testing at the CPX event this year. Check Point offers a Zero-Phishing AI engine that can block potential brand spoofing attempts, which impersonate local and global brands across multiple languages and countries. It uses machine learning, natural language processing, and image processing to detect brand spoofing attempts. This provides security administrators with more time to focus on other security-related tasks or can alert them when something suspicious occurs within the environment.
The value in using AI solutions from vendors such as Check Point is the reduction in time spent detecting attacks and preventing attacks. In effect, this can empower organizations to focus on the business of increasing sales.
8. Can you share examples of KPIs/metrics that executives should track to measure the effectiveness of AI-powered brand protection initiatives and demonstrate ROI to stakeholders?
Generative AI projects concerning brand protection should be adaptable to specific threats that organizations may have within their environments at specific times. KPIs related to adaptability and customization might include the ease of fine-tuning models, or the adaptability of protection safeguards based on a specific input. The more customizable the generative AI project is, the better it can align with your specific protection needs, based on the assessed threats.
Organizations need to measure KPIs for the AI brand protection solutions that they have deployed. They should track how many attacks are prevented, how many are detected, and how many are successful. These reports should be reviewed on a monthly basis, at the least, and trends should be identified. For example, if successful attacks are increasing over a span of three months, that would be a concern. Or if you see the number of attacks attempted decreasing, that could also be something to look into. In such cases, consider investigating, as to ensure that your tools are still working correctly and not missing other attempted attacks.
9. In looking ahead, what emerging AI-driven technologies or advancements do you anticipate will reshape the landscape of brand protection and product security in the near future? How should organizations prepare? What recommendations are you giving to your clients?
Attackers will be increasing their use of AI to generate large-scale attacks. Organizations need to be prepared for these attacks by having the right policies, procedures, and tools in place to prevent or reduce the impact. Organizations should continually analyze the risk they face from AI brand impersonation attacks using NIST or other risk-based frameworks.
Security and brand leaders should perform a risk assessment before recommending specific tools or solutions to business units, because this will ensure you have the support needed for a successful deployment. It also increases the chance for approval of any unexpected expenses related to it.
I expect that there will be an increase in the collaboration between brands and AI-capable eCommerce platforms to jointly combat unauthorized selling and sharing of data and insights, leading to more effective enforcement. When it comes to brand protection, this will set the stage for more proactive and preventative approaches in the future, and I encourage more businesses to collaborate on these joint projects.
Blockchain technologies can complement AI in protecting brands, with their ability to provide security and transparent authentication. I expect that blockchain will be utilized more in the future in helping brands and consumers verify the legitimacy of a product.
10. Is there anything else that you would like to share with our executive-level audience?
As the issue of brand protection gains prominence, I expect that there will be regulatory changes and the establishment of global standards aimed at protecting brands and consumers from unauthorized reselling activities. Organizations need to stay on top of these changes, especially as the number of brand attacks and impersonations is expected to increase in the future. AI and the data behind it are going to continue to be important factors in protecting brand names and protecting businesses from brand-based spoofing attacks.
It is essential to embrace innovation and collaboration in brand protection and to ensure that authenticity and integrity prevail, given the various threats that organizations face. Let’s be clear that one solution will not solve all problems related to brand protection. Rather, the use of various technologies, along with human intuition, strong leadership, solid processes, and collaboratively created procedures are the keys to increased protection.