Ad fraud and ad threats are heavily conflated issues, Maggie Louie, founder and chief executive officer of Devcon, told the audience at the Local Reader Revenue Symposium that INMA co-hosted with Mather Economics as part of Media Innovation Week. Ad fraud is a familiar topic for publishers, Louie said, but clarified what is meant by ‘ad threats.’
“Hackers and criminals have weaponised the ad tech,” she said. “So the advertising pipe becomes a distribution channel, and they use that to infect ads and distribute malware through publishers’ sites.”
Users may experience this on a small scale when a pop-up redirects them to another Web site, but Louie said this includes more malicious acts as well, such as inserting data miners into the ads.
“But the fact is that 1.5% of all ads are distributing malware,” she said. “So your consumers are 150x more likely to be attacked by one of your ads than by a phishing attack.”
Louie listed four key revenue impacts these security gaps present for publishers.
1. Direct revenue loss: “We measured for two years the financial impact of stopping the exploit ads...What we found is that overall an average of 30% of revenue is recovered by stopping the bad ads."
2. Operational overhead: “If anyone’s had to deal with this, it’s a nightmare.”
3. Brand reputation: “Getting someone back after they’ve been hit maybe even twice in one day is brutal for your brand.”
4. Regulatory and legal penalties: “But then the piece that we haven’t really talked about or hit on yet are the regulatories.”
“No much how much your developers review the code before it’s live, it can change as soon as it goes live,” she said.
Something publishers can do proactively is connect their marketing and cyber security teams and start a dialogue.
“You don’t want your marketing team managing a security gap,” Louie said. “You don’t want your security team blocking your revenue. You want these teams working closely.”
Furthermore, publishers must reframe security as an innovation opportunity and take precautions to remove risk for customers before code goes live: “You have to embrace the security side of this as an innovative, sexy thing that we’re doing that’s exciting.”