TAG Today - June 2021
- TAG x DoJ whitepaper
- Certified Against Malware and Brand Safety Certified July 2021 guidelines updates
- TAG In The News
TAG and US Department of Justice (DOJ) Help Industry Adopt Best Practices to Fight Digital Ad Crime
Earlier this month, TAG and the US Department of Justice (DOJ) released a joint white paper, “Best Practices for Working with Law Enforcement,” offering information and advice to the ad industry based on the organizations’ close and effective work together.
The white paper offered four primary recommendations:
- Get your house in order – by educating senior management about threats, having an actionable plan in place, making sure cybersecurity procedures are current, implementing appropriate cybersecurity technology and services prior to an incident, and ensuring legal counsel is familiar with cybersecurity incident management.
- See the big picture – by establishing relationships with private and public Information Sharing and Analysis Organizations (ISAOs) such as TAG, building relationships with law enforcement agencies, and bolstering intelligence collection sources.
- Act fast after a possible cyber attack – by contacting law enforcement, suspending the use of compromised systems, documenting all investigative steps, and preserving the evidence for use in legal proceedings.
- Stay the course – by sharing the results of internal investigations and civil lawsuits with law enforcement for evaluation and potential action and remaining vigilant to protect against follow-up attacks.
To highlight the release of the white paper, top TAG and DOJ executives spoke with Business Insider for an in-depth look at how the ad industry is helping law enforcement tackle cybercrime.
An excerpt from that article follows:
The Department of Justice is trying to convince advertisers to report ad fraud to law enforcement as it steps up its pursuit of cybercrimes.
"We're looking to help the industry understand what law enforcement does, how to interact with law enforcement in a productive way, how we can understand their business models, and what they're looking for from law enforcement when they report," John Lynch, chief of the computer crimes and intellectual property section at the US Department of Justice, told Insider. …
"There can be apprehension about coming to law enforcement," said Lynch. "'What is law enforcement going to want? Are they going to take away all of my computers?'"
The Department of Justice is trying to change that. It, with the Trustworthy Accountability Group (TAG), an industry organization that combats digital ad fraud and malware, released a guide Tuesday to demystify the process of reporting fraud and encourage fraud victims to report crimes to law enforcement. …
Law enforcement has grown more interested in combatting ad fraud in the past two years, TAG CEO Mike Zaneis said. A few months after the digital ad industry throttled the Hydra botnet in mid-2020, the FBI reached out about another attack that might have come from the same criminal network, he said. That investigation is ongoing.
The interest comes as ad fraud is likely to increase, with fraudsters finding new opportunities in mobile and connected TV. And fraudsters are also getting more complex, requiring greater cooperation across the ad industry.
The full TAG-DOJ white paper and summary videos on key takeaways can be found at https://www.tagtoday.net/insights/tag-doj-whitepaper.
TAG Finalizes New Guidelines for Brand Safety and Malware Programs
After reviewing and incorporating community comments on the proposed guidelines for the TAG Brand Safety Certified (BSC) and Certified Against Malware (CAM) Programs, TAG has finalized those updated guidelines, which will take effect on July 1, 2021, when companies can begin to certify under the new guidelines. All companies must certify or recertify under the updated guidelines by January 31, 2022.
For the Brand Safety Certified (BSC) program, the most notable of the changes and additions for the next version of the guidelines will be:
- The migration of core elements of the TAG Certified Against Piracy Program into the BSC program, as the program will be discontinued at the end of 2021. This will ensure that moving forward, the potential brand risk from association with pirated content and sites will be addressed through the BSC Program.
- The requirements for content verification vendors’ compliance with the program have been strengthened, and we have migrated Anti-Piracy Vendor Services to the BSC program.
- The new guidelines recognize IAB Tech Lab’s Content Taxonomy 2.2 update, which includes 11 sensitive taxonomy topics and the brand suitability framework applied to each. TAG’s BSC program will follow its adoption by making it a best practice principle, with the goal of making it a full requirement as more companies implement the new provisions.
TAG’s Certified Against Malware (CAM) Program’s new guidelines, v4, are designed to strengthen the program’s robust malvertising prevention requirements around monitoring and scanning, while expanding participation by important players in the threat-sharing process.
Specific changes to CAM guidelines include:
- The definition of vendors has been updated and expanded to encompass all companies that provide services, reporting and insights to combat malvertising.
- Requirements around the sharing of threat intelligence have been updated, including those around the assessment of malvertising events and handling of incident escalations and post-mortems.
- Requirements have been added for Intermediaries and Vendors to employ effective malvertising detection and removal services, while removing specific disclosure requirements around their own malware scanning and rescanning.
- Direct Buyer and Direct Seller requirements have been streamlined to open up the program for all TAG members and help foster a stronger threat intelligence sharing community.
If you have questions regarding the new guidelines or the certification process, please contact Bonnie Niederstrasser (for CAM) at firstname.lastname@example.org or Adrian Lacey (for BSC) at email@example.com.
TAG IN THE NEWS
From “Winning the Race Against Ad Fraud” in Raconteur:
If the impact of ad fraud is difficult to estimate, imagine how hard it is to track and stop. According to Cavazos, we’re in a race between the criminals and the companies developing solutions against the threat, with the danger always evolving. Indeed, it’s hard to know which form of ad fraud is most concerning, he says, with the answer depending on an advertiser’s particular activities, among other factors.
Tina Lakhani, head of ad tech at trade body the Internet Advertising Bureau (IAB) UK, agrees. She says there is a range of technologies available to help monitor and mitigate fraud. The challenge is “evaluating different technologies out there, knowing which ones to work with and where to start”.
The IAB has been creating industry standards for such technologies, along with bodies like the Trustworthy Accountability Group (TAG), helping assure buyers that their security providers have been independently audited.
From an op-ed by Richard Reeves, Managing Director, Association of Online Publishers, in WARC:
Of course, brand safety should always be a priority, especially during a time of widespread misinformation, but the burden shouldn’t lie on one industry player and certainly shouldn’t punish highly-regulated premium publishers.
According to the latest Trustworthy Accountability Group (TAG) survey, consumers feel brand safety responsibility should lie equally across all industry players including advertisers (52%), agencies (56%), technology providers (47%), and publishers (54%) – and we agree. We must work together to create a trusted ecosystem, but also a fair one.
A PR Reminder from TAG
We love it when TAG members highlight our work together to fight digital ad crime and improve transparency. Please send any TAG-related press releases, blogs, or other announcements to Andrew Weinstein at firstname.lastname@example.org for review before release.