Fixing the Internet One Digital Ecosystem at a Time

Note: This article was initially published in ExchangeWire on May 10, 2018.

Internet

Read article

Over the past 14 years, The Media Trust has focused on one audacious goal: to fix the internet. The company has continuously monitored the internet for malvertising, creative quality, data leakage, and other compliance issues on behalf of organisations seeking to protect and monetise their mobile apps and websites. In this piece, ExchangeWire speaks with The Media Trust CEO Chris Olson; CRO Alex Calic; and European General Manager Matt O’Neill.

How The Media Trust delivers on its promise has evolved and expanded in scope over the years. The company’s products have noticeably shifted in approach from a reactive detect-and-notify to a pre-emptive identify-evaluate-notify-and-resolve. Olson and CTO Dave Crane started The Media Trust to meet publishers’ emergent need for a systematic way to verify whether an online ad published according to the contract with the ad buyer: on the right page location, to the right audience, at the right time. Next, they pioneered malware scanning and spawned services for malware prevention, creative QA, and data protection. Today, the company helps their clients address the three dimensions of digital risks – security, privacy, and quality – from a single platform known as ‘Digital Vendor Risk Management’. “We work with most of the largest publishers, advertising exchanges, demand side platforms (DSPs), brands, and e-commerce companies”, explains Olson.

Continue reading

What are the Experts saying about PyRoMine?

Article appeared in Brilliance Security Magazine, April 25, 2018.

BSM-PyRoMine

Read article

Recently, a new python-based cryptocurrency mining malware that uses the ETERNALROMANCE exploit was uncovered and dubbed “PyRoMine.” This malware is particularly malicious and those Windows machines that have not installed the patch from Microsoft remain vulnerable to this attack and similar attacks.

Alex Calic, Chief Strategy and Revenue Officer of The Media Trust explains, “Cryptomining is a profitable business, and its perpetrators are accelerating in numbers and innovation thanks to a growing number of weaponized exploits in their arsenals. What makes this incident unique and alarming are (1) the exploit’s ability to spread fast around the world, (2) the malware’s ability to disable a machine’s security features for future attacks, and (3) the malware authors’ intent to test a campaign before a multi-phased, full-scale launch. Such a campaign will pave the way for harvesting CPU power and personal data from millions of Windows users. Now is the time for enterprise IT to fortify their defenses by identifying who is executing on their sites and flagging suspect executables that indicate unauthorized activity may be afoot. Otherwise, enterprises may find themselves running afoul of GDPR, a European privacy protection regulation that goes into force on May 25th and is poised to fine infringing parties up to four percent of their annual global revenue.”

Continue Reading

Data is Power: Wield it Wisely

This article originally appeared in Corporate Compliance Insights on April 16, 2018.

Read article 

CCI-Data is Power

The digital age breeds constant change – none more powerful than the availability of data and, more specifically, the ease of collecting and using personal data. For industry, this data has the power to both accelerate new opportunities for growth and act as an anchor to drag down momentum. In an era where businesses prize data and guard against its misappropriation, its troubling that this discernment doesn’t carry over to the digital environment, where countless third parties and partners on enterprise websites and mobile apps have access to personal user data, often without a company’s knowledge.

Continue reading

 

Top 10 Mistakes Companies Make in GDPR Preparation

GDPR

This article appeared in the March 14, 2018 issue of ITBusinessEdge 

Read

With the EU’s General Data Protection Regulation (GDPR) only less than three months away from enforcement, organizations are (hopefully) pulling together their GDPR strategy. However, the nuances of GDPR are something most of us are still trying to understand – and we probably won’t grasp until the regulation is in effect and tested. In the rush to meet the compliance standards, errors will likely be made. I talked to security experts, and here are some of the more common GDPR prep mistakes.

“When it comes to GDPR compliance, the primary focus for most enterprises is on determining customer, partner, and employee-held data elements by the organization. Unfortunately, most have overlooked the significant amount of data collection activities occurring via the organization’s websites and mobile apps,” explained Chris Olson, CEO of The Media Trust. “This is a critical oversight since there are anywhere between tens to hundreds of unknown vendors not only executing code but also collecting personally identifiable information on website visitors. In fact, enterprises tend to find two to three times more vendor-contributed code on their websites than expected.”

Continue Reading

Cryptomining: the new lottery for cybercriminals

This article by Chris Olson, CEO at The Media Trust, was originally published on CSO, March 14, 2018

cryptojacking_hacking_breach_security-100747295-large

Read

Cryptomining has surpassed even ransomware as the revenue generator of choice according to a Cisco Talos report, which claims crypto-mining botnets can earn hackers up to $500 dollars a day and a dedicated effort could equate to more than $100,000 dollars a year. Representing the perfect balance of stealth and wealth for cybercriminals and some unscrupulous, but legitimate online businesses, cryptomining is quickly becoming a major concern for enterprise IT who frequently don’t know their digital assets have been compromised.

With stringent privacy laws coming online in 2018, it is imperative that organizations know all partners that execute code on the website. This information is critical for not only identifying the rogue source but also communicating expectations and enforcing compliance—key mitigating factors when it comes to regulatory penalties.

Continue Reading

Chrome Ad Filter: Publishers are you Compliant?

Authored by Alex Calic, Chief Strategy and Revenue Officer

Ad quality determines if your website is naughty or nice.

Chrome

Did you get the letter from Google? Late last summer, Google notified 1,000 website owners that their ads were annoying, misleading or harmful to the user experience.[1] Directed to Google’s Ad Experience Report, website owners were encouraged to clean up their ads.

This encouragement is now a directive. As of February 15, the latest Chrome version (v64) began to filter all ads across every website with a failing status as listed on the Ad Experience Report. Considering Chrome dominates the browser market (60-65%, depending on the resource), this news has serious repercussions for ad-supported websites. Never has so much hinged on ad quality.

Defining bad ads

The classification of a bad ad is no longer in the eye of the beholder (or media publisher). Formed in 2016, the Coalition for Better Ads (CBA) researched the acceptable advertising experience of 25,000 consumers in North America and Europe. The result is the Better Ads Standards, released in March 2017.[2]

In a nutshell, 12 ad types regularly annoy consumers and correlate to the adoption of ad blockers: 4 for desktop and 8 for mobile. Google is using the Better Ads Standards to evaluate ads on ad-supported websites. Upon initial review last summer, less than 1% of 100,000 websites contained ads violating the standards.

Fixing bad ads before they fix you

When it comes down to it, meeting the CBA standards shouldn’t be that difficult, especially if you’re a premium publisher that knows all parties contributing content to the user experience. This knowledge makes it easier to communicate and enforce any policy—be it ad quality, security, data leakage, performance and more—and cease business with those that don’t have your—and, therefore, the user—best interests at heart.

What happens if you chose to ignore the Chrome audience? Your website will be assigned a “failing” status, and if this status remains for more than 30 days, then Chrome will filter all ads running on your website. Therefore, your choice directly affects the website’s ad-based revenue continuity.

Be proactive. Adopt a holistic creative quality assurance approach to continuously assess ads—creative and tags—for compliance with regulatory requirements, company policies and industry practices, like those promoted by CBA. By developing a tactical ad governance structure, you can codify what constitutes an acceptable ad and ensure compliance with multiple industry standards.

Check: What’s your status?

The CBA also announced a self-attested certification program[3] whereby publisher participants pledge to abide by CBA standards. The program is free during the trial period, with an expectation that it will run at least until July when fees will be announced. As of now, Google agrees to not filter ads for any company participating in the CBA program. With the program’s initial steps only requiring registration, self-attestation and no fees, it makes sense for publishers to participate.

Regardless if you register with CBA, all media publishers should verify their status and take steps to remediate offending ad quality as soon as possible.

  1. Verify ownership of your website on Google Search console: https://support.google.com/webmasters/answer/34592  (note, your webmaster may have already done this.)
  2. Initiate verification by selecting “Manage property” and downloading the HTML file to your site. (Note, there are alternative methods such as using your Google Analytics or Tag Manager)
  3. Once your website is verified, Google will initiate scanning. The process may take some time.
  4. Access the Ad Experience portal: by selecting “Desktop” or “Mobile” (https://www.google.com/webmasters/tools/ad-experience-desktop-unverified?hl=en )
  5. Review your website’s status for both desktop and mobile
    1. Warning or Failing status requires immediate attention
  6. Remediate all ad quality issues, especially those promulgated by CBA through these steps:[4]
    1. Identify the source of the issue
    2. Communicate digital policy requirements, i.e., CBA standards
    3. Demand correction or remove the source from your digital ecosystem
    4. Document your remediation steps in the “Request review” area of the portal
  7. Submit for review by clicking “I fixed this”

As a member of Coalition for Better Ads, The Media Trust has various solutions to address ad quality, from creative policy enforcement to campaign verification.

Whatever your decision, you can achieve ad revenue objectives while delivering a clean and regulatory-compliant user experience. Clearly, a more positive ad experience benefits everyone—publishers, ad/martech and agencies and, most of all, consumers.

[1] Google letter: http://adage.com/article/digital/google-send-publishers-email-stop-serving-annoying-ads/310057/

[2]  [2] Better Ad Standards: https://www.betterads.org/standards/

[3] https://www.betterads.org/coalition-for-better-ads-opens-publisher-enrollment-in-better-ads-experience-program/

[4] https://support.google.com/webtools/answer/7305902