The Brand Warfare CMOs must fight in the face of data breaches and cybersecurity attacks
Transparency, willingness, a unified approach to communication – both proactive and reactive – and perspective are key for brands preparing for and navigating through a cyber data breach, say several industry experts.
In the past week, several global brands uncovered serious data breaches in which cyber hackers stole millions of customer records, employee and company information, and IP source code. The importance of these breaches has raised sensitive questions about how companies protect corporate and customer data in the age of increasingly sophisticated cybersecurity attacks and growing privacy concerns in the digital age.
Last week, McDonalds confirmed that cyber hackers had breached its security and stole data from systems in the US, South Korea and Taiwan. The allegedly disclosed breach eEmployee and franchisee data, as well as information on restaurants and the measurement of physical playgrounds. In particular, it also included customer emails, phone numbers and addresses of delivery customers in South Korea and Taiwan.
Audi and Volkswagen US and Canadian customers were even less happy. In data breach documents filed with law enforcement agencies, parent company Volkswagen Group of America confirmed that up to 3.3 million customer records could have been disclosed as a result of a data breach. The company said it was informed on March 20, 21 that an unauthorized person had hacked into its systems and obtained customer information from Audi, Volkswagen and some authorized dealers. The exposed data was available on the internet between August 2019 and May 2021 and may contain customer contact information as well as more sensitive information such as social security and credit numbers.
In the same week, hackers also claimed they stole more than 780 GB of Electronics Arts (EA) data, including game source code and “related internal tools”. The company quickly confirmed that no player data was accessed during the network breach or that the hackers were suspected of invading players’ privacy.
Jonathan Knudsen, Senior Security Strategist for Synopsys Software Integrity Group, Security Software Testing GMO that as more and more people around the world move critical functions and data into software and cloud-based systems, criminals will continue to intensify their efforts to steal money, information, or otherwise monetize its value. He found that many organizations also underestimate or do not fully understand the risks of purchasing, deploying, configuring, and using software. As a result, they lack a proactive approach to security, security breaches, ransomware attacks and tradeoffs.
For Check Point Software Technologies cybersecurity evangelist Ashwin Ram, the latest breaches show how successful attackers are in winning the cyber war against companies. He referred to Check Point Research, which found the number of cyber attacks in the Asia-Pacific region increased by 168 percent year-on-year between May 2020 and May 2021 alone.
“These data breaches are just the latest examples of the increasing frequency of cyberattacks on businesses.” blackberry CMO, Mark Wilson, agreed. “Every day we wake up to the news that another company has suffered a cyber attack or a data breach.”
Wilson also cited an increase in cyberattacks over the past year and during the pandemic as cybercriminals exploited new vulnerabilities uncovered by the abrupt shift to more dispersed workforces.
“This has put companies at new risk as employees access corporate networks from insecure home networks and devices,” he said. “Now that we’re turning the corner with Covid and people are back in the office, companies are facing a whole host of new security concerns about devices that are unpatched and outdated.”
Another concern is how fast these cyber criminals are develop their approach. One emerging trend that Ram highlighted was triple extortion, in which cyber criminals go beyond a ransom from the injured organization and attempt to extort money from victims in stolen databases.
While the recent security breaches are not convinced, they are more serious than those of the last month or year. However, Gabriel Bassett, Senior Information Data Scientist at Verizon Enterprise Solutions, found that all consumers were becoming more sensitive to cybersecurity and how it affects our lives. The Verizon Data Breach Investigations Report (DBIR) 2021 found that credential-based violations like Electronic Arts, bugs like that at Audi and Volkswagen, and even more complex violations like McDonalds are trends that go back years.
“Now, however, the spate of ransomware attacks affecting billing systems and closing businesses that have a direct impact on consumers has brought security to the fore,” said Bassett.
The founder of the dedicated RedPhone Cyber task force for cyber crisis communications, Jonathan Englert, said GMO The recent data breaches at McDonalds, EA and Volkswagen show how widespread the privacy issue is and how vulnerable brands are.
“However, our concerns about yesterday’s personal data breaches, such as our driver’s licenses, are less important than what’s likely to come next, and in many cases already there: much more detailed personal data and information that is used in more sophisticated illegal ways .” he said.
Implications for brands
IT directors and chief security officers have a clear task ahead of them, but the big question is why should this matter for marketing directors. How can these violations affect the way customers view brands that collect and use their data for engagement, communication, personalization, and targeting? Are more cyberattacks making customers more reluctant to share their data or to interact with brands that want to collect their data in different ways? And what can marketers do about it?
Industry leaders agree: Violations damage brands and reputation. According to the Ponemon Institute 2020 Data Breach Cost Report, lost business costs accounted for nearly 40 percent of the average total cost of a data breach, increasing from $ 1.42 million in the 2019 study to $ 1.52 million in the 2020 study.
“When customers read the headlines about a data breach in an organization they use, they are naturally concerned about criminal access to their information and will be reluctant to do business with that brand in the future,” said Knudsen.
Ram also highlighted other lost business costs, such as increased customer sales, lost revenue due to system downtime, and increasing business acquisition costs due to decreased reputation. For Wilson, marketers should be careful that an organization’s ability to demonstrate and communicate adequate safeguards for critical data helps them gain and maintain consumer trust.
“A company’s failure to secure data and compromise visibility into data usage poses a threat to the company’s reputation and brand,” said Wilson. He added that IDC figures show that 80 percent of consumers will go out of business if their personal information has been compromised.
“It is difficult – if not impossible – to build trust when there is no transparency between a company and its customers,” said Wilson. “And when new reports of data breaches and cyberattacks are released, it will raise public awareness and undermine consumer confidence that businesses can adequately protect their data and privacy.”
A recent survey by Cisco Wilson also found that 60 percent of respondents are concerned about how their data is protected while they work, study, and even visit the doctor remotely using video streaming and cloud applications. Almost a third (31 percent) have concerns that their data will be used for unrelated purposes, and one in four feared that data will be too broadly shared with third party companies. The main source of this concern is the lack of insight into what companies are doing with this data.
Next up: The role of CMOs in preventing and copying data breaches and cybersecurity attacks