Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

8/16/2017
02:00 PM
Tom Kellermann
Tom Kellermann
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
100%
0%

The Day of Reckoning: Cybercrime’s Impact on Brand

Why the security industry needs to invest in architecture that defends against reputational damage as well as other, more traditional threats.

American cyberspace has become a brave new world. The second quarter of 2017 ushered in a wave of cyber attacks, many of which directly impacted the operational and reputational risk of multinational corporations. FedEx Corp, Danish shipping company AP Moller-Maersk S/A are among six corporations which reported financial damage from cyber attacks last quarter, according to the Poneman Institute, which also projects collateral damage associated with these attacks will surpass the cost of the loss of customer data by year end. 

This new face of cybercrime directly impacts a corporation’s reputation. Recently Oxford Economics, which studied severe breaches at 65 listed companies, found that breaches tend to lead to share prices falling by an average of 1.8%.   

Major breaches over the past decade have also forced a consensus that compliance with security standards does not equate to cybersecurity. Consequently, security awareness within the C-suite is paramount for mitigating cyber-risk. But if responsibility to protect brands from cyber threats extends beyond those in technology, whose responsibility is it to protect the brand - the IT department or the marketing department? According to a study by Ponemon and Centrify released in February, 66% of IT practitioners do not think that brand protection is their responsibility while 45% of IT practitioners and 42% of CMOs believe that brand protection is not taken seriously by the C-suite. A full 71% of CMOs believe the biggest cost of a security incident is the loss of brand value; nearly half of the IT practitioners surveyed (49%) report brand diminishment as the biggest loss, according to the study. 

What do the consumers think about security? According to Ponemon, 31% of consumers will discontinue a relationship due to a data breach, but even higher numbers - 65% - will lose trust in the company. While IT professionals and CMOs agree that brand protection is directly impacted by cyber attacks, there is a disconnect about who should allocate resources to mitigate intrusions. According to a recent survey of chief marketing officers, CMOs currently oversee 11% of a corporation’s budget, most of which is allocated to digital marketing campaigns. It is imperative that a percentage of these monies be reallocated to cybersecurity. 

How Cybercrime is Metastasizing

Avoiding a network breach is a corporation’s ultimate measure of cybersecurity success, though the supposition that an adversary is already on one’s network is foundational for mitigating cybercrime. When a breach occurs, the exfiltration process is not immediate — a hacker must maneuver, explore, and collect information before she finds that which is valuable. Gone are the days of smash and grab cyber burglaries. Cybercriminals have transitioned from burglary to home invasion.

The more dwell time the adversary has in the environment, the longer it takes to detect and contain a data breach, the more costly it becomes to resolve, and the harder a brand’s reputation is hit. Victim organizations are experiencing multiple criminal schemes of monetization. Data is stolen and subsequently the brand is used against its constituency via watering hole attacks and business email compromise campaigns. In our ever more connected world, reputational risk has metastasized in 2017.

This explosion further illustrates the formidable dark side of globalization and cybercrime. As billions of people become connected, not all are ethical individuals.  The criminal world has migrated online; in the United Kingdom over 50% of crimes involve a cyber component, according to a 2016 National Crime Agency cybercrime assessment.

ROI of Brand Protection

The Ponemon Institute 2017 Cost of Data Breach Study diagnosed the relationship between the ROI associated with brand protection. The study calculates that costs of a data breach are in excess of $17 million. The cost breakdown takes into consideration customer turnover, amplified customer acquisition efforts, and general "reputation losses and diminished goodwill." The number one factor that impacts the cost is the time it takes to identify and contain a data breach. According to Ponemon, "the relationship between how quickly an organization can identify and contain data breach incidents impacts the financial consequences." 

The bottom line is that we must realize that there is a significant, unquantified loss associated with brand degradation, and that reputational risk management requires investing in a cybersecurity architecture that maximizes brand protection.

At the end of October, top experts on breaches and branding will be meeting with enterprise security professionals to explore the impact that data compromises may have on business. To find out more, go to Zero Day Con, and learn more about the direct correlation between cybersecurity investment and brand protection. 

Related Content:

Learn from the industry’s most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Click for more info and to register.

 

Tom Kellermann is the chief cybersecurity officer for Carbon Black Inc. Prior to joining Carbon Black, Tom was the CEO and founder of Strategic Cyber Ventures. On January 19, 2017 Tom was appointed the Wilson Center's Global Fellow for Cyber Policy in 2017. Tom previously ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9405
PUBLISHED: 2020-02-26
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.
CVE-2020-9406
PUBLISHED: 2020-02-26
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
CVE-2020-9407
PUBLISHED: 2020-02-26
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.
CVE-2020-9398
PUBLISHED: 2020-02-25
ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection.
CVE-2015-5201
PUBLISHED: 2020-02-25
VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows r...