By Daniel Avital, Chief Strategy Officer, CHEQ
When we think about industries most in need of cybersecurity protection, we tend to think of government, financial services, transportation, and healthcare. All of these are natural targets for data theft, espionage, financial fraud, and even terrorism. So naturally, when people hear that we work in cybersecurity for online advertising, they’re taken by surprise. “Cybersecurity for online advertising?” Huh, I didn’t realize that was a thing…”
Online ad-fraud | One of the fastest growing cyber-crimes out there
When we first took CHEQ to market, it was in response to what was quickly becoming one of the fastest-growing criminal enterprises in the world: ad fraud. What is ad fraud? Broadly speaking, it’s the attempt to generate fake online ad views, clicks, and engagement for monetary gain. These can be the result of small-time, one-man-show operations running simplistic bots, using proxy servers or contracting click-farms, or what is generally categorized as GIVT (General Invalid Traffic).
However, over the years we’ve witnessed a rapid growth in SIVT (Sophisticated Invalid Traffic), leveraging large-scale, complex bot-nets. These bots are designed specifically around online advertising ecosystems and infrastructure, looking to exploit weaknesses in the programmatic supply chain, publisher sites, adtech intermediary platforms, paid-social, and paid search platforms.
To understand how quickly this criminal enterprise is growing, consider that in 2017, aggregated industry data showed ad-fraud to be costing advertisers approximately $6.5 billion in wasted ad spend. Last year, new data suggested that this figure has risen to as high as $30 billion. This marks an almost 500% increase in just two years. Industry projections for 2021 are now talking about a figure north of $50 billion. That is absolutely astonishing growth, by any benchmark. Recent research into click fraud conducted by fraud expert Professor Roberto Cavazos of the University of Baltimore suggests even greater exposure to fake traffic on PPC advertising channels, now rivaling programmatic channels for fraud.
Why is ad fraud growing so rapidly? Because it’s easy to do and hard to catch.
When you think about what encourages or discourages someone from engaging in criminal activity, one key factor is the risk-reward element. Now consider ad fraud. The reward element is also extremely high, as there is little-to-no overhead required. Any hacker can do this from the comfort of their bedroom. On the other hand, the risk is extremely low. Your activity might be detected and blocked at some point, but the chances of the perpetrator actually getting named and caught are remarkably slim – not to mention that even if they were caught, the ability to prosecute such a person is very unclear, with questions of jurisdictions and varying internet laws among different countries.
But why is it more appealing than other cyber-crimes? Because up until recently, there’s been little cyber-driven ad security.
It is of course true to note that a good balance of risk and reward exists not only in ad fraud, but across most major cyber-criminal enterprises. And yet, ad fraud still stands out in its remarkable growth. The best explanation is that until recently, online ad security has been in its infancy, mitigated primarily by adtech companies, often referred to as “ad-verification” vendors.
These ad-verification vendors sprung up from within the adtech scene with capabilities better suited for measuring clicks and impressions, attributing users, and monitoring campaign performance. As they lacked a cybersecurity background, they relied primarily on IP blacklists to filter fake traffic, a methodology widely regarded as ineffective by anyone in the bot mitigation industry. These IP blacklists are purchased from third-party vendors, they age quickly, and they cover a very small portion of the fake traffic out there. So, if you’re a cyber-criminal, where would you rather turn your efforts? Toward governments and financial institutions who are deploying the most sophisticated, real-time, deterministic security? Or would you go for an industry that’s largely unprotected, which relies on dated methodologies? It seems many hackers and fraudsters are opting for the latter and choosing the easiest target available.
Advertisers turn to cybersecurity for a solution
With advertisers suffering severe losses and spending millions of dollars on ad-verification vendors who are incapable of mitigating the problem, large brands and media agencies have turned to the cybersecurity industry for solutions. This is how we at CHEQ, a cybersecurity bot-mitigation company, unexpectedly found ourselves working with large-scale online advertisers and brands. So, we were surprised when we first went to market just over three years ago to find just how sophisticated ad-fraud had become and how savvy the fraudsters were when it came to exploiting the inherent weaknesses of the adtech ecosystem.
Today, the world’s leading advertisers are already deploying solutions like CHEQ across all their different channels, from programmatic display and video, to paid search, paid social, OTT, publisher sites, content recommendation, and even 3D console gaming. The category of online ad security is now booming, as big-brand advertisers race to protect their billions of ad-spend dollars from the growing threat of ad fraud and click fraud. This makes online ad security a truly exciting new category, with a huge and largely untapped addressable market.
Daniel serves as Chief Strategy Officer at CHEQ, leading the company’s positioning and marketing efforts. Prior to CHEQ, Daniel served as Senior Director of Strategy at WPP’s Grey, leading brand strategy for some of the world’s leading advertisers including P&G, GSK, and Fiat Group.