Online Ad Security: Building the Next Big Category in Cyber Defense

“Cybersecurity for online advertising? Huh, I didn’t know that was a thing…”. Three years back, when we first took CHEQ to market, that was the typical response from our peers in the cybersecurity industry. When we think about industries most in need of cybersecurity protection, we think of Government, Financial Services, Transportation and even Healthcare. All of these are natural targets for data theft, espionage, financial fraud and even terrorism. But online advertising? Back then, nobody in cybersecurity was looking into this market.

Online Advertising Fraud | The Fastest Growing Criminal Enterprise you’ve never heard of

When we first decided to focus CHEQ’s bot mitigation capabilities on the digital media ecosystem, it was in response to what was quickly becoming one the fastest growing criminal enterprises in the world – Ad Fraud. What is ad-fraud? Broadly speaking, it is the attempt to generate fake online ad views, clicks and engagement, for monetary gain. These can be the result of small-time, one-man-show operations running simplistic bots, using proxy servers or contracting click farms, what is generally categorized as GIVT (General Invalid Traffic). However, over the years we’ve seen a rapid growth of SIVT (Sophisticated Invalid Traffic), leveraging large scale, complex bot-nets. These bots are designed specifically around online advertising ecosystems and infrastructure, looking to exploit weaknesses in the programmatic supply chain, publisher sites, Ad-Tech intermediary platforms, paid social and paid search platforms. To understand how quickly this criminal enterprise is growing, consider that in 2017, aggregated industry data showed ad-fraud to be costing advertisers approximately $6.5 Billion in wasted ad spend. Last year, CHEQ’s own data has shown that this figure has risen as high as $30 Billion. This marks almost 500% growth in just two years. Industry projections for 2021 are now talking about a figure north of $50 Billion. That is absolutely astonishing growth, by any benchmark.

Why has Ad-fraud Become so Common? It’s all About the Favorable Risk-Reward Element

When you think about what encourages or discourages someone from engaging in criminal activity, one of the key factors is the risk-reward element. Think about drug trafficking. Obviously, the reward element is very high. Drug trafficking can be extremely lucrative both at the individual dealer’s level and for a larger organization like a cartel or a syndicate. But so is the risk – After all, we all know how the story ends for most drug lords and dealers. In most cases it’s jail, in many other cases it’s death and can often even entail the death and injury of the perpetrator’s family and friends. Now consider Ad-Fraud. The reward element is also extremely high, maybe even more than drug trafficking, as there is little-to-no overhead required. Any hacker can do this from the comfort of their bedroom. On the other hand, the risk element is extremely low – Your activity might get detected and blocked at some point, but the chances of the perpetrator actually getting named and caught are remarkably slim, not to mention that even if they we’re caught, the ability to prosecute such a person is very unclear, with questions of jurisdictions and varying internet laws between different countries.

But is Ad-Fraud Less Risky than other Cyber-Crimes? Yes, Because There’s very Little Resistance

It is of course true to note that a good balance of risk and reward exists not only in ad-fraud, but across most major cyber-criminal enterprises. And yet Ad-Fraud still stands-out in its remarkable growth. The best explanation is that until recently, Online Ad Security has been in its infancy. CHEQ was the first cybersecurity company to transition into ad-fraud prevention. Prior to CHEQ, ad-fraud was being mitigated exclusively by AdTech companies, often referred to as “Ad-Verification” vendors. These Ad-Verification vendors sprung up from within the AdTech scene with capabilities better suited for measuring clicks and impressions, attributing users and monitoring campaign performance. As they lacked a cybersecurity background, they relied primarily on IP blacklists to filter fake traffic, a methodology widely regarded as ineffective by anyone in the Bot Mitigation industry. These IP blacklists are purchased from third party vendors like IP2Location, they age quickly, and they cover a very small portion of the fake traffic out there. So, if you’re a cyber-criminal, where would you rather turn your efforts? Towards governments and financial institutions who are deploying the most sophisticated, real-time, deterministic security? Or would you go for an industry largely unprotected which relies on dated methodologies? It seems many hackers and fraudsters are opting for the latter and choosing the easiest target available.

Building the Online Ad Security Category: How Cybersecurity is Changing the Game

When we entered the space, we had the clear goal of introducing cutting-edge cybersecurity technology to mitigate ad-fraud and provide the world’s largest advertisers with a solution for the tens of billions of dollars lost annually. The first stage was building machine learning algorithms that could detect anomalies in user and network behavior. We had to look at user scrolling patterns and mouse movements, we had to find discrepancies between the data transmitted from the user’s browser and what we were seeing on their backend. We created OS and Device fingerprinting and unique honeypots designed for ad-units. It was like building entirely new security capabilities, tailored to the unique characteristics of the online ad ecosystem. But merely developing the capabilities wasn’t nearly enough. In order to provide giant brands and media agencies with coverage of all their activity, we had to build a multi-channel infrastructure to cover them everywhere. Within three years, CHEQ was deployed across programmatic display and video, paid search, paid social, OTT, publisher sites, content recommendation and even 3D console gaming. Today, many of the world’s leading players in advertising, from Dentsu, to Outbrain, Spark Foundry and even Chanel, deploy CHEQ to protect their ad-spend. The category of online ad-security is now booming, as big brand advertisers race to protect their billions of ad-spend dollars from the growing threat of ad-fraud. This makes Online Ad Security a truly exciting new category, with a huge and largely untapped addressable market.