• United States



by Senior Editor

Brand Protection: The Expanding CSO Portfolio

Jun 11, 20098 mins
CSO and CISOIT LeadershipSecurity

Security finds itself increasingly entrenched in the brand protection battle against counterfeit good, phishing email and other threats.

Pizza isn’t typically a topic of conversation in company meetings at Caterpillar, the world’s largest maker of construction and mining equipment, diesel and natural gas engines, and industrial gas turbines. But a recent unfortunate incident involving Domino’s Pizza had a special team tasked with protecting Caterpillar’s brand integrity taking notes and buzzing about how quickly a simple video can suddenly drag a massive corporate name through the mud.

Which also demonstrates how the role of security leadership, already subject to a high-speed evolution in the past half-decade, continues to expand. (See Evolution of the CSO.)

Last month, a prank video involving two Domino’s employees in a North Carolina store was posted to YouTube. The video, which showed the employees engaged in several disgusting and unsanitary food preparation acts, received well over one million views and quickly left the company scrambling with a brand impression nightmare.

[Also see a followup article on protecting your corporate brand on social media networks]

“Every company has a risk to its brand,” said Tim Williams, director of global security at Caterpillar (and CSO Compass Award winner in 2006). “With the proliferation of social interaction tools any company’s brand could be put under attack for a multitude of reasons. We all have to be very, very astute about watching for those emerging risks and be able to deal with them.”

Brand protection, brand integrity, brand reputation. Whatever you call it, it comes down to the public perception of your company and the products and services it offers or manufactures. Concerns vary widely among organizations. While a fast food chain like Domino’s is worried about how the public feels about their sanitation and food quality, manufacturers are concerned about supply issues, and financial institutions might be concerned their name (and logo) will be used in an email scam or phishing attack, for instance.

Like Caterpillar, many organizations are seeking ways to prevent brand infection and calling upon security and risk officials to figure out what needs to be done in order to prevent negative perception about a brand. Williams has a dedicated committee at Caterpillar working on brand issues. The aim is to assess risks of all kinds; anything from potential counterfeit parts in the supply chain, to the corporate reputation and perception that is conveyed through social networking sites.

“There are all kinds of things that could pop up at anytime that would have a serious impact on the brand,” said Williams. “And it can move at light speed because once it’s out there it is going to be going over the wire.”

Brand Protection Committees

Committees like the one at Caterpillar, are often comprised of representatives from an organization’s legal, marketing, security and human resource departments, according to Michael Rasmussen, president of Corporate Integrity, LLC, a Wisconsin-based consultancy that specializes in governance, risk, and compliance. Many companies are now using brand integrity issues as a way to put a positive spin on a company image, he said. More than 25 percent of the Global 100 firms include elements of security and privacy in their corporate social responsibility reports.

“The idea is that part of being a good corporate citizen and protecting the community is going above and beyond and protecting information,” said Rasmussen.

But a proactive plan and committee may not be nearly enough, according to Aon Corporation, a provider of risk management services. In a recent survey, Aon polled organizations in more than 40 countries and across 31 industries to find out their views of emerging and escalating business risks. According to the resulting 2009 Global Risk Management Survey report, damage to reputation was the sixth biggest concern among those polled. And a study released this month by the Chief Marketing Officer Council reports organizations’ concern over brand management and brand infection is growing as the down economy fuels increasingly global and organized counterfeiting operations. A global audit of 306 marketers found marketers are reporting a greater number of incidents or fraud online with 29.5 percent who said their chief vulnerability is in the digital world.

Online brand attacks can include cybersquatting, the practice of registering, trafficking in or using a domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else (Read a report on cybersquatting growth here). Those who took part in the CMO study said brand value, trust, integrity and reputation are being significantly eroded and damaged as a result of grey market knock-offs, phishing attacks, cyber squatting, email scams, trademark abuse, copyright and patent infringements, and other malevolent forms of brand corruption online.

“Brand attacks, whether through online scams, phishing or cybersquatting, impact brand integrity and reputation immediately because the malicious activities are customer-facing and affect the heart of what contributes to underlying brand value; customer perception,” said Frederick Felman, chief marketing officer of MarkMonitor.

CISOs are often involved with implementing plans for combating phishing, often through communication campaigns, said Rasmussen. And intellectual property protection has become an area of concern for CISOs now, too.

“It’s not just brand protection to the world,” said Rasmussen. “But also to business partners.”

However, as with many security expenditures, Rasmussen said the pitch for investment in IP protection is often a tough sell. Rasmussen referenced a case of a CISO with a well-known semiconductor maker that had a partnership with a large mobile-phone manufacturer. While the company was not very interested in the CISOs desire to invest in IP protection technology, they changed their mind when he said “What about their (the client’s) IP protection?” forcing the company to think about the implications of a data breach that would effect a client relationship.

“Once he rephrased his argument, it changed their perception,” said Rasmussen.

But the digital realm is only one area where attack on brands can take place. The CMO study also found 22.6 percent cited offline concerns, such as supply chain issues, as their main vulnerability. The Aon survey cited distribution or supply chain failure as the eighth largest risk to business.

“Counterfeiters have proven themselves quite adept at getting counterfeit products introduced into the legitimate supply chain,” according to Jack Holleran, an Ernst & Young attorney who leads EY’s corporate compliance advisory services practice. “There was time when counterfeit products were sold on street corners and in bus stations and back alleys. But it is now much more prevalent to find counterfeit products on legitimate retailers’ shelves.”

Holleran, who at one point worked for Phillip Morris in the legal department and formed the company’s brand integrity unit, is primarily focused now on assisting chief compliance officers with the design and implementation of compliance programs. But brand integrity and anti-counterfeiting are now part of compliance as well, he said. Whether a company is in consumer products, technology or manufacturing, they face the risk of increased scrutiny from regulators if a company does not show that they are taking every reasonable step to protect the integrity of their supply chain and ensure no fakes are inserted into the process. Security also comes into the process, he noted.

“Counterfeiting and other attacks on brands are illegal,” he said. “Part of a company’s strategy in dealing with that issue needs to be outreach and engagement with law enforcement. While security may not play the lead role in terms of ascertaining how big a problem a company may have, they often play a critical role in outreach to law enforcement.”

Relationships with law enforcement are critical now for companies with concerns about counterfeiting, according to Alex Burgos, a spokesperson for the Global Intellectual Property Center, an affiliate of the U.S. Chamber of Commerce.

“A lot of counterfeits come in from other countries, such as China. So many companies work with law enforcement authorities to make sure they aware of how to detect fake products and to keep them up to speed on new challenges and trends they are seeing.” (See Faked in China for an in-depth look at difficulties dealing with that country.)

And beyond brand integrity, there is the obvious financial loss of counterfeiting, too. Counterfeiting and piracy costs the U.S. economy an estimated $250 billion per year, according to the center, which issues a yearly Intellectual Property Protection and Enforcement Manual. It is essentially a legal guide for companies that includes best practices in place at some organizations when it comes to brand protection and anti-counterfeiting measures and includes a checklist of questions a company can use to assess their risk for counterfeiting. Just about any major brand name is at risk, the manual warns, while it urges all to take precautions.

“Any company with a well-known, valuable brand should assume that its brand is already being counterfeited,” it states. “For companies lucky enough not to be victims, it is a question of when, not if.”