The Equifax breach in 2017 was a watershed moment for companies across the world, with millions of accounts and huge volumes of personally identifiable information (PII) being hacked. The event severely damaged Equifax’s brand image – its brand perception score dropped from zero to -33 in ten days after the breach.
One of the takeaways from the Equifax story is the indisputable negative impact on brand image that follows a breach – and the wider impact of cybersecurity on business. Cybersecurity has traditionally been the stronghold of a CISO or CIO, but a Deloitte study found that only 16% of cyber executives in the food and beverage sector (where brand plays a critical role) were worried about brand image. It is the CMO who bears the brunt of the damage and works to resuscitate brand goodwill after the attack. CMOs are also involved in introducing some new-age technologies that might be susceptible to hackers. Therefore, CMOs need to give some thought to enterprise cybersecurity programs.
Cybersecurity Challenges in Implementing Marketing Technologies
Marketing touch points such as digital, social, and mobile channels remain open to risk until CMOs include cybersecurity under their portfolio. Some risks include:
Identity and Access Management (IAM)
Many digital businesses have web and mobile APIs as their backbone. Traditional IAM solutions, primarily designed for internal employee and vendor access, have challenges managing access to consumer data. A well-planned IAM program removes duplication, enables transparency, and strengthens authentication so that high-level risks are mitigated. Therefore, enterprises should design appropriate IAM processes and invest in the right technologies that provide a single view of marketers having access to personal data.
Website Vulnerabilities
Hackers can exploit insecure code on enterprise websites to take over and leak sensitive data, insert untrusted third-party links and manipulate SEO, steal user data, and attack the enterprise network. Having malicious code on your website is a sure-fire way to raise a red flag with Google. It will alert your website visitors with the infamous malware warning, get you delisted, or hamper your search engine ranking. Detailed static and dynamic application security testing scans should be carried out to identify vulnerabilities. Vulnerability management service providers can help CMOs with application penetration testing, set up secured DevOps processes, and manage the overall vulnerability program for the enterprise. Secure communication protocols and the latest encryption standards can further secure websites, besides periodic technology and network audits to ensure patches are updated. Managed security service providers offer real-time monitoring, advanced contextual analysis, and better visibility through customized reports and dashboards to proactively prevent, detect, and address security threats.
Mobile Security Assurance
For CMOs aiming for excellence in customer experience, a responsive website and omnichannel communication are imperative. Mobile phones and the apps on them have vulnerabilities of their own. Data at rest within the application on a phone and data in motion outside the application must be secured for confidentiality, integrity, availability, nonrepudiation, and authentication. In mobile operating systems, applications are protected by sandboxing. By granting only the right, limited permissions, unauthorized application access and sensitive information leakage can be avoided. This protection needs to be emphasized in communication within the application and between applications, and verified during security testing.
Reverse engineering a mobile application is another method to extract the source code of the application and to combat information leaks. Reading the source code can help the security analyst understand defense mechanisms against authentication, man-in-the-middle, and malicious app attacks. Needless to say, strong SSL encryption and a good server configuration can mitigate the adverse effects of untrusted networks and session hijacking.
Plugins and Third-Party Applications Security
Third-party campaign management and social platforms also demand a CMO’s special attention as their vulnerabilities can violate customers’ data privacy. Cybersecurity should be one of the key parameters when a CMO evaluates such third-party vendors/technology platforms. Strategic consulting partners help in vendor risk assessment.
Data Security
A lot of marketing efforts today deal with collecting and then using data for well-directed marketing activities. While this makes marketing more effective, it also puts a huge amount of confidential data in the hands of unsuspecting marketers. Data breaches and consequent legal liabilities can be avoided through data leakage prevention (DLP) solutions at different egress points within the enterprise network. Network and host-based intrusion prevention solutions can secure multiple layers of the enterprise network as well.
Determining Data Ownership
With massive volumes of customer data housed inside an enterprise, establishing ownership in line with regulatory mandates is critical. CMOs must work closely with IT teams, devising strategies and protocols for mapping data pathways. Given that much of this data enters through marketing channels, CMOs can collaborate with their SaaS vendors to iron out any ambiguity around ownership, regardless of whether the data is classified as PII or not.
Cybersecurity Operations Centers
With an increasing number of data protection laws being enforced, there is a need for a unified cybersecurity operations center (SOC) that can monitor an enterprise’s security posture on an ongoing basis. A strategic partner can help enterprises operate such SOCs either independently or through a shared model with other enterprises.
CMOs are constantly seeking to expand their technology stack in pursuit of enterprise agility, marketing productivity, and readiness for the digital-native customer. Vigilant CMOs who work hand in hand with their CIOs/CISOs at both the policy and tactical levels can successfully combat cyber threats. Collaborating with an expert partner to ensure compliance with government mandates, vendor risk assessment, identity and access management, and vulnerability management for device, app, network, and other endpoints can smooth the CMO’s digital transformation journey.
Connect with us at the Black Hat USA event between August 3-8, 2019 in Las Vegas or write to us at firstname.lastname@example.org and email@example.com to find out more about TCS’ cybersecurity and quality engineering solutions.