Legal Takedowns vs. Cyber Takedowns: What to Use When

Imagine you’ve just discovered that threat actors have registered a lookalike domain and are using it to host content that impersonates your business. It’s a safe bet that your customers will soon begin falling for the ruse and handing over personal information to the threat actors, if they’re not already.

Faced with this threat, how can you protect your business’s reputation and brand? There are two main options. One is to contact a law firm, which can help initiate a legal takedown of the malicious content and domain. The other is to call a team of cybersecurity experts to start a cyber takedown.

Which team – lawyers or cybersecurity experts – is the best choice for remediating the threat? The answer depends on the type of content you’re trying to take down and how quickly you want to remove it. But as this article explains, cyber takedowns are typically the better solution because they deliver faster results with less hassle and at a lower total cost.

The cybersecurity benefits of lawyers and legal takedowns

You may not think of lawyers as a key part of your cybersecurity defense strategy, but they are. Lawyers can help respond to cyber threats in several key ways:

• Establishing a legal framework: Before an attack even occurs, lawyers can help draft legal frameworks for your business to follow when negotiating confidentiality agreements with customers and partners. Such a framework helps to limit the losses caused by a breach.
• Ensuring a compliant response: Cyber attacks may result in events (such as loss of sensitive data) that require regulatory reporting or disclosure. Lawyers are the experts in determining which steps are necessary following an attack to remain compliant – which is important because a successful breach causes enough harm on its own to your company’s reputation. You don’t want to make it worse by running afoul of regulators in the aftermath of the attack.
• Managing insurance requirements: If your business is protected by a cyberinsurance policy, lawyers can help determine which information you need to share with the provider to make a claim following an attack.
• Initiating legal takedowns: Lawyers can start the process of requesting takedown of malicious domains that mimic your company’s brand in an effort to confuse customers. Legal takedowns are especially important in scenarios where domains don’t actually host malicious content but simply redirect to other domains that do. In that case, there is no content for a cybersecurity team to take down, but a legal team can initiate a UDRP dispute to deal with the attack. Lookalike domains with no offensive content cannot be removed by cybersecurity companies. Only domains with sufficient evidence of malicious activity, such as a phishing website hosted on the domain or a phishing email that was sent from it can be taken down.
• Coordinating large-scale phishing responses: In situations where phishing or other type of attacks occur on a large scale and can be linked to certain infrastructure platforms, ISPs or other entities, lawyers can work with government agencies to request legal takedown of the resources being used to launch attacks – a move taken by the U.S. Department of Justice to fight the foreign group responsible for the NotPetya and other attacks, for example.

In short, lawyers can help to protect a company’s brand and limit the harm caused by an attack – although it’s important to note that the methods lawyers use to stop threats usually move slowly. It could take weeks, or potentially even months, to take down malicious domains using a legal approach.

They are often extremely costly too, as they charge by the hour.

When to leverage cyber takedowns

On the other hand, cyber takedowns – meaning actions undertaken by cybersecurity experts to delete or block malicious content – are typically much faster, often delivering results within a day.

There are three reasons why:

1. Legal claims are complex and involve a lot of bureaucracy. Lawyers have to validate that they represent the entity making a claim, prove that a malicious activity took place, then wait for whichever authority oversees the process to review the claim and take action. As GigaLaw puts it, “Drafting a complaint under the Uniform Domain Name Dispute Resolution Policy (UDRP) may seem like a simple process – but it’s not.“
2. Cybersecurity teams typically already have relationships with major infrastructure platforms and providers, so they can work with them directly to remove malicious domains or content.
3. In cases where there is no preexisting relationship or where a platform provider is uncooperative, skilled cybersecurity teams can take down content via technical methods.

Cyber takedown examples

To illustrate why cyber takedowns are often the fastest way to respond to an attack, consider the following examples.

Lookalike domain

In the case of a lookalike domain – meaning a domain that closely resembles a business’s legitimate domain (think gogle.com instead of google.com) – the only way to seek a legal takedown is to issue a UDRP request through ICANN, the organization that oversees domain name registrations. That process can take at least several weeks and cost thousands of dollars per domain.

Worse, if you make a mistake in the filing and your claim is denied, you’re probably out of luck. “A denied UDRP case typically cannot be re-filed unless there are extraordinary circumstances such as misconduct by a Panelist or party,” according to the CIIDRC, a Canadian organization that assists with domain name disputes.

Alternatively, if you hire a cybersecurity company to perform a takedown, you’re likely to see the lookalike domain removed within about eighteen hours – and you won’t need to submit voluminous information to prove your case or worry about being subjected to the whims of a complicated process.

Social media impersonation

The outcomes are similar when you’re dealing with a social media profile that impersonates your company.

Although most social media platforms, like Meta and X, have legal departments that you can contact to request takedowns, expect to wait at least a week even to get a response to a claim, and possibly much longer for the company to take action and shut down an account.

In contrast, a cybersecurity company with experience in takedowns could likely remove the account in less than twenty-four hours. It would do this by leveraging its relationship with the social media platform to report the offending account for having violated the platform’s terms of service.

Most of the time, cybersecurity experts move faster than lawyers

The bottom line: Lawyers have an important role to play in cybersecurity, and they are especially vital when dealing with challenges like navigating the compliance impact of a breach or filing cyberinsurance claims. But if your main goal is to remove malicious content as quickly as possible, a team of cybersecurity experts are likely to deliver faster results – and with less effort on your part.

So, by all means, keep a lawyer in your list of contacts in case you need guidance when dealing with a threat. But make sure you have a cybersecurity team like Cyberint on speed dial. At Cyberint, we specialize in takedowns using whichever methods are necessary to protect our customers’ brands and reputations – and in many cases, we deliver results within hours.

Learn more about how we protect businesses by requesting a demo.