Asaf Greiner, Protect Media: “sophisticated hackers are manipulating non-security-savvy advertising teams”

Famous for its impressive market size, high turnovers, and simple KPIs, online advertising is a lucrative world for fraudsters.

For an average user, ads can be annoying – and they can hide malware or redirect you to a fraudulent page. To solve those issues, users often look for ad blockers and similar cybersecurity tools. However, the digital advertising industry may be secure from fraud – and step up its reputation with viewers by implementing proper cybersecurity solutions.

We reached out to Asaf Greiner, the CEO of Protected Media – the company focusing on protecting the e-commerce and advertising industry from fraud – to learn more about the essential fraud prevention techniques.

Tell us a bit about your journey throughout the years. How did Protected Media originate?

Protected Media started after its founders, who were, at the time, creators of solutions protecting businesses from computer viruses, noticed many of the viruses were busy interacting with websites and clicking on ads. After researching the field, they discovered sophisticated hackers were manipulating non-security-savvy advertising teams.

With the idea of creating military-grade security protection for the online advertising industry, they raised initial funding from Israel's leading advertising agency and assembled a team of security with deep expertise in analyzing criminal activities and a passion for innovating methodologies for detecting new fraud schemes as they are created.

You focus on something called ad fraud. Can you tell us more about this type of threat?

The online advertising world is a huge market of about $300B annually. And it is based on very simple KPIs, such as views and clicks on ads, making it very lucrative for fraudsters to create large volumes of fake users, impersonating real users but with zero value to advertisers, who are paying for it.

Dozens of billions of USD are wasted on non-valid impressions every year. There are advertising industry-grown solutions. Protected is looking to help the industry grow with advanced security methodologies.

Which set of tools do you use to detect fraud across all channels?

As you cannot ask a user to interact with a CAPTCHA to be eligible to watch or click an advertisement, our front-end technology is based on JavaScript served with the ad's creative, collecting hundreds of parameters.

The advanced analytics, intelligence gathering, and decision-making process happen on the back-end, with our data canter crunching large volumes of transactions continuously.

We are focused on being effective and efficient. Tools we can take off the shelf or tweak are preferred, but our team builds much of our tech stack as we define our own needs and require significant research of our use cases before developing and continuous tweaking, as we're facing human adversaries.

As we succeed in weeding out the fraud, the lower capability fraudsters get pushed out of the market, but advanced crime organizations keep growing in sophistication, and the arms race keeps R&D teams on our end and the attackers constantly busy.

Did you notice any new cybersecurity threats arise as a result of the pandemic?

Fraudsters follow the money. In the pandemic's case, we have seen CTV services rise and gain advertiser dollars.

CTV was built to be quick and give a great user experience, but that comes at the cost of what kind of tech you can place within it to detect threats, and fraudsters are making a fortune manipulating CTV data to part advertisers from their wallets.

Interestingly enough, in 2017, we developed a technology aimed at CTV protection and filed three patents, which we have just been granted, so this rising threat has become our opportunity to shine.

Besides ad fraud, what other fraud methods are prominent nowadays?

I have been looking into the Metaverse as the next threat landscape, as it'd likely also be the next advertising landscape. Brands are already buying virtual real estate and in-game billboard ads, and though it is very early days, I expect that in parallel to us, some hackers are devising a plan to take advantage of this. I am looking at the cryptocurrency market, and I see an incredible amount of error, fraud, and absurdity mixed with so much hype, scams, and FUD all around. I think we may see some of this happen in the Metaverses that will emerge, especially if there would be the transferability of crypto assets from and to them.

What would you consider to be the biggest security mistakes people tend to make when it comes to connected devices, especially connected TV?

We're a B2B team, and our focus is not the end-user, so I'll look at the professional teams we work with and their mistakes. Usually, the first mistake of security is bringing it in too late. Rather than having security baked into a system from the core, we tend to bring it when the trouble starts, often when systems have been built, and you need to patch them and augment them with crippling security measures. These often collide with user experience and functionally, causing a sub-optimal solution and constant friction with users and administrators.

In your opinion, which types of organizations or individuals are attractive targets for fraudsters and should implement proper security measures as soon as possible?

Larger organizations tend to have more security resources and awareness and thus are often much better protected. They do tend to be targeted more, but even when they get hacked, they can often recover, as most of them have large buffers and margins to deal with unfortunate circumstances anyway.

Small organizations are usually the ones who need security the most. They can't afford to plan or budget, and they don't like spending preparing for attacks, as they are not very frequent. However, in cases where smaller organizations are attacked, the damages tend to be much more significant and sometimes fatal.

Now mixing the small size organizations with complex financial fields like the Defi world opens some very dangerous risks. There are often assumptions that since the blockchain is protected by very complex cryptography, that'd somehow protect the rest of the components, but the risks for the small organizations dealing with unforgiving hard-to-grasp assets create a very dangerous arena that needs a lot more security.

Talking about individual users, what security measures are essential for staying safe online?

The most important thing has always been being cautious, aware, and employing common sense. The human engineering factor has always seemed more important than antivirus to me.

When you analyze many of the successful attacks out there you find a great deal of them are caused by human carelessness, lack of awareness, or sometimes even plain foolishness. I think that if we could get people to just hear some of the fascinating stories of how people similar to them fell prey to fraud, it'd grow resilience in them that could save them a world of pain.

And finally, what’s next for Protected Media?

Protected Media was recently acquired by Mediaocean and is on a wonderful path to bring our ground-breaking ad verification solutions to advertisers, agencies, publishers, and more.

We've created a unique platform that serves as a bridge of trust between the various players in the advertising world. With the use of advanced cryptography and our goal is to create a new equilibrium, where publishers and broadcasters would bake security and transparency into their systems and in return would get higher monetization from advertisers who are looking to engage in safe environments. We are creating hoping to rather than keep looking for the bad apples we could unite the good players to work together on the Mediaocean platform.