Protecting IP through domain management Chrissie Jamieson is VP Marketing at MarkMonitor Today, the practice of brand protection is harder than ever before. Not only does it include safeguarding a company’s reputation and intellectual property, but this also extends to customers as well. With the proliferation of the internet and social media, the threats to brands are ever-increasing; from brand abuse and counterfeiting, to fraud and cyber-attacks. At the center of brand protection efforts is the organization’s domain name(s). Domains form the core of any brand’s online identity and having them compromised can be catastrophic. However, according to recent research by MarkMonitor, nearly a quarter of businesses have been subject to domain attacks in the past year. Yet, despite this, 87% of businesses are taking a siloed approach when it comes to protecting their domains. So, why is it important that organisations change their approach and incorporate domain management into their brand protection strategies? After all, surely, they should be protected in the same was as a new patent or work or art? This article discusses the research to assess the current landscape and explore why domains are a vital component of any brand protection strategy. Why are domains so important to modern businesses? At a base level, domains provide organisations with a unique description that clearly distinguishes them from competitors. However, larger brands, especially those that operate globally, find the domain management process more complex than simply choosing and registering an initial domain. Sub-domains, name variations, domains for campaigns, defensive registrations and regional domains all need to be considered, registered and managed. The result is that organisations deal with large domain portfolios that are cost and time intensive both in terms of management and renewals. This is reflected in the number of domains brands currently own. The majority (56%) of respondents in the same research said they owned fewer than 100 domains, while a further 15% own 100-249; 9% own 250-500; and 8% between 500-1,000. However, despite the number of domains, not all of them are currently active. Almost one-fifth (18%) of respondents said up to 25% of their portfolio was active, while a further 18% said between 76-100% were active. Managing domains and the role they play in building awareness and maintaining customer trust is essential. It is, however, a costly endeavour. If brands have domains that aren’t adding any value to the organisation yet are still being paid for, is that resource better spent in securing and managing the core domains? Drivers for domain management The need for effective management is reflected in the fact brands recognise the importance of these domains. When asked what motivates their domain registration strategy, 60% said to promote new products or services; 38% said changes in the market, such as gTLD launches; 34% said reaching an international audience was a driver; and 27% said mitigating brand abuse. The importance of domains is also highlighted in that 43% of brands said they were a vital part of brand building and maintaining customer trust. However, almost one-quarter (23%) said domains represented a security risk to the brand, 17% viewed them as a necessary evil, and 16% said they were a valuable IP asset. Aside from internal motivations driving domain management, there are also various external factors that shape the management process. Most notably the issues of Brexit and the General Data Protection Regulation (GDPR), legislative elements that are having an impact on global brands. Interestingly, 61% of respondents said Brexit had no impact on their domain strategy, while 25% said they were re-evaluating their EU strategy. This lack of impact is perhaps surprising given that U.K. organisations have been made aware by EURid, the registry manager of the .eu TLD, that they are no longer able to register new or renew existing EU domains. Along the same lines, 34% of brands said GDPR hadn’t affected their domain strategy, while 28% said they were working with third party suppliers for assistance. Twenty per cent weren’t sure about the impact, and 18% said they were finding it more difficult to enforce against infringements. Managing domains is a complex process The challenges around domain management don’t stop there. Managing domains — cited by 34% of respondents as one of the main issues — also calls for registration, monitoring and renewing. Unsurprisingly, only security (56%) and cost of management (40%) ranked higher in the list of challenges. And, in a world where ROI is crucial, organisations strive to ensure they are optimising and streamlining the domain management process. Consider that 39% of respondents said their organisation spent up to $10,000 on management of their domain portfolio, with 7% of respondents said they spent in excess of $100,000. Therefore, given the cost implications and that this is such a critical part of operations, how is the management and renewal process approached? And is it the most effective method for the brand? More than one-quarter (26%) of respondents rely solely on renewal notices, while a further 25% subscribe to the industry best-practice approach and have a plan in place and collaborate with multiple departments. Twenty-one per cent of brands give the responsibility of management and renewal to one person; 13% approach it on an ad-hoc basis; and 10% work with a third-party provider to help them. Delegating this crucial task to just one person has a number of drawbacks; without a holistic approach it is difficult for this individual to see which domains are more important than others, which are being used and which domains can be sold off. It also means that if this staff member leaves the organisation or moves roles the knowledge around renewals and management could be lost; important notices could get lost in a defunct email box; and the organisation could miss renewal deadlines and face potentially devastating consequences. When it comes to board involvement around domain management and security, the importance is clear; 43% said it was an important board-level issue with hands-on involvement from directors. A further 35% said it was understood by the board but that they were not involved, 19% said it wasn’t a board-level issue in their organisation, while just 4% said the board didn’t understand the importance. Getting board buy-in and support is crucial for securing budget for management and security, as well as for ensuring that the domain process is included in the overall brand protection strategy of the business. This is particularly important when it comes to optimising the portfolio, getting the most value out of it, and having the resources to dedicate to this task. Broader challenges Organisations also need to navigate the changes to the industry itself, particularly the introduction of gTLDs and what these mean for their brands in terms of new registrations, security and management. Since the gTLD program was launched just a few years ago, hundreds of global brands have registered new gTLD domains. The aim of gTLDs was to help organisations differentiate themselves online by enhancing brand recognition, increasing customer trust and giving brands a better level of control over their online presence. How are they faring? Almost four in 10 organisations (39%) have registered a gTLD, with the most prevalent challenge being measuring its return on investment followed by brand impersonation (32%) and how to mitigate the risk of abuse against the new gTLDs (23%). In essence, gTLDs have opened up an additional avenue that brands need to consider as part of not only their domain strategy, but their online brand protection programs as well. Manage the domain to protect the brand The domain management process needs to form part of a wider brand protection program, especially with the increasing importance of cyber security. It also means there are several elements that need to be considered throughout the management of the domain portfolio — the most important of which is security. Increasingly, the Domain Name System (DNS) is becoming a target for hackers and cyber criminals, and with the increasing cyber threat, brands need to balance traditional domain management with online security as well. The threat is real. The Internet Corporation for Assigned Names and Numbers (ICANN) issued a warning earlier this year, calling out “an ongoing and significant risk to key parts of the Domain Name System (DNS) infrastructure.” Threats include registry breaches, domain hijacking, phishing attacks, and use of malware to collect credentials, all of which highlight the need for having the right security measures in place and working with a corporate registrar who also has the expertise and technologies in place to protect its customers. This is reflected in the figures; almost one-quarter (23%) of respondents indicated their organisation had suffered an attack targeted at their domain. The consequences of these attacks varied from loss of data (48%) and damage to customer trust (38%), to loss of revenue (37%) and damage to reputation (32%). The bigger threats to the brand The cyber threat doesn’t just affect domains, but all aspects of the organisation as well. As a result, online brand protection is evolving to accommodate these changes and help mitigate the risk. However, only 44% of respondents indicated they had budget dedicated to online brand protection. Delving deeper, 43% of the sub sample said they dedicated 26%-50% of their total online brand protection budget to domain management, while 44% said they dedicated the same proportion to domain security. A further 49% said they didn’t have a dedicated online brand protection budget, which potentially leads to gaps in safeguarding the brand and not being able to manage abuse, fraud and cyber threats. While they may be able to react to issues and allocate budget on an ad hoc basis, brands need a more proactive approach to brand protection to ensure they are able to effectively mitigate the risk. Lack of budget was cited by 25% as a challenge in monitoring an effective brand protection program. Other issues include: lack of resources (27%), lack of knowledgeable staff (26%), and difficulty in quantifying infringements (24%). While brands are placing large emphasis on the cyber security aspect of online brand protection, the same focus needs to be given to their domain portfolio. The latter figure is put into clear focus looking at the fact 46% of respondents in the research say the cyber threat has influenced their domain strategy. Of that figure, 34% said they are managing their domain strategy more accurately and 12% said they are changing their approach. In fact, 42% of respondents said the increased attention on cyber security meant brand protection was getting more attention in their organisation. While domain security issues were certainly a concern, respondents cited a number of other issues. Fraud, in the form of malware and phishing, was cited by 61% as one of the main threats to their organisation. This was followed by piracy (37%), domain impersonation (32%), brand abuse (27%) and the dark web (18%). These threats were seen to come predominantly from Asia (58%), of which 35% were from China, Europe (24%), the US (20%), Africa (17%) and the Middle East (16%). This is important to keep in mind considering new domain name registration rules implemented in China in 2017. While these changes could reduce the risk of fraud, it doesn’t eliminate unauthorised uses of their brands online in the country. In terms of frequency, 6 in 10 brands have felt the impact of some kind of cybercrime in the last 12 months. This includes phishing (28%), false association (13%), brand/logo confusion (13%), keyword hijacking (13%), traffic diversion 12%, and lost traffic to cyber squatted sites (10%). Nearly half (48%) of decision makers in the survey believe that brand infringement has actually increased over the last 12 months. Conclusion The threats to a brand are not going to lessen in the future. If anything, they are more likely to increase. Cyber criminals will be increasingly looking to ride on the success of online brands and those without adequate domain protection will be more likely to come under attack. Registering a domain, in the same way as filing a patent, are not enough to ensure that a business is protected. Organisations need to defend their investment and with this comes challenges around budget, resources and ensuring that the domain portfolio is optimised. Domain strategies must be secured and managed to ensure that core domains are protected while others are offloaded to reduce vulnerabilities and working with the right partner can certainly help to streamline the process.
Cyber criminals will be increasingly looking to ride on the success of online brands and those without adequate domain protection will be more likely to come under attack