Authored by Alex Calic, Chief Revenue Officer, The Media Trust
3 steps to anti-malware certification
Malware is a serious problem in the digital advertising ecosystem. Not only is it a contributing factor to ad blocking adoption, but also a significant driver of ad fraud. The World Federation of Advertisers estimates that the total cost of ad fraud could exceed $50B by 2025. Clearly, something must be done.
Various groups have attempted to address this malware problem with little success, but one group is taking decisive action. The Trustworthy and Accountability Group (TAG)—supported by the IAB—recently launched a malware certification program. As an inaugural certification recipient, The Media Trust is fully behind this initiative—just ask for program details.
The certification program is open to any entity that touches creative as it moves through the digital advertising ecosystem, from buyer to intermediary to seller. Even malware scanners like The Media Trust have the option to participate and commit to industry efforts for creating a healthier advertising supply chain.
Benefits: Reap what you sow
TAG’s “Certified Against Malware” seal is awarded to enterprises that can demonstrate adherence to rigorous anti-malware standards, especially those delineated in TAG’s Best Practices for Scanning Creative for Malware.
The program yields a host of benefits for publishers and their upstream partners. Specifically, participating companies can:
- Improve their enterprise security posture: Adoption of continuous, 24/7, client-side scanning of digital advertising campaigns detects malware before it propagates to consumer devices.
- Speed incident response: By allowing The Media Trust to send simultaneous alerts to you and your business partners, you reduce the time needed to resolve the issue across your entire advertising value chain.
- Satisfy upstream partner requirements: Demonstrate compliance with advertiser and/or buyer directed policies for security.
- Protect your brand value: Receive a “Certified Against Malware” seal from TAG to signal your enterprise’s efforts to identify and remediate malware in the digital ecosystem, a key element in many value propositions
- Prove digital asset governance: Discovery and validation of all parties executing in your digital ecosystem supports enterprise-wide governance and risk frameworks.
Requirements: Steps to anti-malware certification
Anti-malware certification program participants promise to adhere to malware scanning best practices, make best efforts to identify and terminate malicious activity, and submit to a TAG-directed audit.
You, too, can join industry efforts by following these steps:
- Complete TAG registration: If not already a TAG-registered company, fill out the registration form, signal interest in malware certification (fees may apply), and designate both a TAG Compliance Officer and a primary malware point of contact. Indicate anticipated anti-malware certification path:
- Self certify: Enterprise submits forms and documentation directly to TAG
- Independent validation: Accredited audit firm or digital media auditor submits forms and documentation to TAG on the enterprise’s behalf
- Evaluate digital advertising ecosystem: To determine a reasonable scanning cadence, companies need to understand existing inventory flowing through the environment and the involvement of all upstream partners. Review existing inventory and assess typical volume by in-house, direct and programmatic; and, also consider the volume percentage by display, mobile, video, header bidding, etc.
Upstream partners should be identified and points of contact for security violations documented. Appraise each partner according to their history of addressing malware incidents, industry reputation and general relationship experience. Especially if a direct contract is not involved, discuss respective malware scanning responsibilities.
- Scan inventory: Implement malware scanning according to TAG’s Best Practices for Scanning Malware and document the entire processes. As a Certified Against Malware scanner, The Media Trust provides documentation on the scanning protocol for your environment including resolution procedure for malware incidents (Red Flag event).
NOTE: Watch this quick overview of TAG’s recommended scanning cadence.
Terminate malware: What are you waiting for?
The future of the digital ecosystem rests on everyone’s shoulder—advertiser, agency, ad tech and publisher. Let’s make it a better place. Verify your inventory is malware-free. The Media Trust can show you how—Just ask.