Why CMOs Are Integral to Data Protection and Fortifying Brand Image

 
June 11, 2019

The Equifax breach in 2017 was a watershed moment for companies across the world, with millions of accounts and huge volumes of personally identifiable information (PII) being hacked. The event severely damaged Equifax’s brand image – its brand perception score dropped from zero to -33 in ten days after the breach.

One of the takeaways from the Equifax story is the indisputable negative impact on brand image that follows a breach – and the wider impact of cybersecurity on business. Cybersecurity has traditionally been the stronghold of a CISO or CIO, but a Deloitte study found that only 16% of cyber executives in the food and beverage sector (where brand plays a critical role) were worried about brand image. It is the CMO who bears the brunt of the damage and works to resuscitate brand goodwill after the attack. CMOs are also involved in introducing some new-age technologies that might be susceptible to hackers. Therefore, CMOs need to give some thought to enterprise cybersecurity programs.

Cybersecurity Challenges in Implementing Marketing Technologies

Marketing touch points such as digital, social, and mobile channels remain open to risk until CMOs include cybersecurity under their portfolio. Some risks include:

Identity and Access Management (IAM)

Many digital businesses have web and mobile APIs as their backbone. Traditional IAM solutions, primarily designed for internal employee and vendor access, have challenges managing access to consumer data. A well-planned IAM program removes duplication, enables transparency, and strengthens authentication so that high-level risks are mitigated. Therefore, enterprises should design appropriate IAM processes and invest in the right technologies that provide a single view of marketers having access to personal data.

Website Vulnerabilities

Hackers can exploit insecure code on enterprise websites to take over and leak sensitive data, insert untrusted third-party links and manipulate SEO, steal user data, and attack the enterprise network. Having malicious code on your website is a sure-fire way to raise a red flag with Google, which will alert your website visitors with the infamous malware warning, delist your site, or hamper your search engine ranking. Detailed static and dynamic application security testing scans should be carried out to identify vulnerabilities. Vulnerability management service providers can help CMOs with application penetration testing, set up secured DevOps processes, and manage the overall vulnerability program for the enterprise. Secured communication protocols and the latest encryption standards can further secure websites, alongside periodic technology and network audits to ensure patches are updated. Managed security service providers offer real-time monitoring, advanced contextual analysis, and better visibility through customized reports and dashboards to proactively prevent, detect, and address security threats.

Mobile Security Assurance

For CMOs aiming for excellence in customer experience, a responsive website and omnichannel communication are imperative. Mobile phones and the apps in them have vulnerabilities of their own. Data at rest within the application on a phone and data in motion outside the application must be secured for confidentiality, integrity, availability, nonrepudiation, and authentication. In mobile operating systems, applications are protected by sandboxing. By granting only the right, limited permissions, unauthorized application access and sensitive information leakage can be avoided. This protection needs to be emphasized in communication within the application and between applications, and verified during security testing.

Reverse engineering a mobile application is another method to extract the source code of the application and to combat information leaks. Reading the source code can help the security analyst to understand defense mechanisms for authentication, man-in-the-middle, and malicious app attacks. Needless to say, strong SSL encryption and a good server configuration can mitigate the adverse effect of untrusted networks and session hijacking.

Plugins and Third-Party Applications Security

Third-party campaign management and social platforms also demand a CMO’s special attention as their vulnerabilities can violate customers’ data privacy. Cybersecurity should be one of the key parameters when a CMO evaluates such third-party vendors/technology platforms. Strategic consulting partners help in vendor risk assessment.

Data Security

A lot of marketing efforts today deal with collecting and then using data for well-directed marketing activities. While this makes marketing more effective, it also puts a huge amount of confidential data in the hands of unsuspecting marketers. Data breaches and consequent legal liabilities can be avoided through data leakage prevention (DLP) solutions at different egress points within the enterprise network. Network and host-based intrusion prevention solutions can secure multiple layers of the enterprise network as well.

Determining Data Ownership

With massive volumes of customer data housed inside an enterprise, establishing ownership in line with regulatory mandates is critical. CMOs must work closely with IT teams, devising strategies and protocols for mapping data pathways. Given that much of this data enters through marketing channels, CMOs can collaborate with their SaaS vendors to iron out any ambiguity around ownership, regardless of whether the data is classified as PII or not.

Cybersecurity Operations Centers

With an increasing number of data protection laws being enforced, there is a need for a unified cybersecurity operations center (SOC) that can monitor an enterprise’s security posture on an ongoing basis. A strategic partner can help enterprises operate such SOCs either independently or through a shared model with other enterprises.

CMOs are constantly seeking to expand their technology stack in pursuit of enterprise agility, marketing productivity, and readiness for the digital-native customer. Vigilant CMOs who work hand in hand with their CIOs/CISOs at both the policy and tactical levels can successfully combat cyber threats. Collaborating with an expert partner to ensure compliance with government mandates, vendor risk assessment, identity and access management, and vulnerability management for device, app, network, and other endpoints can smooth the CMOs’ digital transformation journey.

Connect with us at the Black Hat USA event between August 3-8, 2019 in Las Vegas, or write to us at cyber.security@tcs.com and qet.marketing@tcs.com to find out more about TCS’ cybersecurity and quality engineering solutions.

Siddharth Venkataraman is a data privacy and protection consultant with the Cybersecurity practice at TCS. He has evaluated organizational privacy posture to enhance privacy maturity and compliance capabilities for companies across Europe and the United States. His current responsibilities include client partnering for cybersecurity solutions across the UK and Europe. Siddharth holds an MBA with a focus on analytics and finance from the Great Lakes Institute of Management.

 

Divya Ravindran is a solution architect for security with the Quality Engineering and Transformation practice at TCS. With more than a decade’s experience, she has focused on assurance for mobile and web application security solutions. Divya has worked closely with many Fortune 500 clients of TCS, advising them on the secure development cycle, tool management, and security testing. One of her key engagements includes providing a mobile security solution for a major car rental company that won a TESTA award in the Best Mobile Project category in 2015. She is also an expert in smart card technology.