blog.brandprotect.com

Why you shouldn’t care about average takedown times for phishing attacks

 Email Article |  Twitter |  Facebook |   delicious |   StumbleUpon |   LinkedIn |  reddit 

“Lies, damned lies, and statistics”

For quite some time now, we have increasingly encountered a question when talking to potential clients:  “What is your average takedown time?”  This is a completely logical question to ask – cutting the lifetime of phishing sites is the whole point of employing a takedown service such as ourselves - but the question is a dangerous one.

First and foremost, there is no average phishing attack.  Each has different characteristics, sources and impact, and therefore the notion of an average takedown time is very misleading.  Simple attacks can be taken down in a matter of minutes, while some of the more sophisticated attacks, particularly those hosted on a fast-flux bot net, can take several hours or even days to resolve despite continuous efforts by the takedown provider. Since there is no caveat that smaller organizations will be targeted less, and rarely in a fast-flux attack, the average takedown time is almost completely irrelevant.

Vendors also have different definitions of what exactly constitutes an incident. Some of our competitors consider every distinct URL an incident, whereas BrandProtect has special guidelines for grouping similar URLs into one incident. This diversity amongst providers makes calculation of the average takedown time inconsistent, despite the unfortunate cases that some of our competitors are trying to lay claim to having the fastest average takedown times. 

Somewhat unsurprisingly, if BrandProtect were to play that game, our data suggests that our takedown times would equate to being significantly faster than those for our nearest competitor.  But BrandProtect doesn’t play that game.  We don’t claim to have the fastest takedowns in the industry; we claim to be the best.  Being the best is more than getting sites disabled quickly (which we do quite well, thankyouverymuch!), but also providing our customers with above-and-beyond service. 

Success in dealing with identity theft attacks cannot be measured by something as variable as takedown time – success is a function of detection, takedown, and communication effectiveness, all of which have a significant bearing on the overall time in which a phishing attack can cause damage.  Collaborating with clients and other partners to improve every aspect of our offering – detection, analysis, customer education programs, our client portal, reporting processes, etc. – is the only way to ensure the utmost client confidence that our response to an attack will result in minimal damage.