Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

8/16/2017
02:00 PM
Tom Kellermann
Tom Kellermann
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
100%
0%

The Day of Reckoning: Cybercrime’s Impact on Brand

Why the security industry needs to invest in architecture that defends against reputational damage as well as other, more traditional threats.

American cyberspace has become a brave new world. The second quarter of 2017 ushered in a wave of cyber attacks, many of which directly impacted the operational and reputational risk of multinational corporations. FedEx Corp, Danish shipping company AP Moller-Maersk S/A are among six corporations which reported financial damage from cyber attacks last quarter, according to the Poneman Institute, which also projects collateral damage associated with these attacks will surpass the cost of the loss of customer data by year end. 

This new face of cybercrime directly impacts a corporation’s reputation. Recently Oxford Economics, which studied severe breaches at 65 listed companies, found that breaches tend to lead to share prices falling by an average of 1.8%.   

Major breaches over the past decade have also forced a consensus that compliance with security standards does not equate to cybersecurity. Consequently, security awareness within the C-suite is paramount for mitigating cyber-risk. But if responsibility to protect brands from cyber threats extends beyond those in technology, whose responsibility is it to protect the brand - the IT department or the marketing department? According to a study by Ponemon and Centrify released in February, 66% of IT practitioners do not think that brand protection is their responsibility while 45% of IT practitioners and 42% of CMOs believe that brand protection is not taken seriously by the C-suite. A full 71% of CMOs believe the biggest cost of a security incident is the loss of brand value; nearly half of the IT practitioners surveyed (49%) report brand diminishment as the biggest loss, according to the study. 

What do the consumers think about security? According to Ponemon, 31% of consumers will discontinue a relationship due to a data breach, but even higher numbers - 65% - will lose trust in the company. While IT professionals and CMOs agree that brand protection is directly impacted by cyber attacks, there is a disconnect about who should allocate resources to mitigate intrusions. According to a recent survey of chief marketing officers, CMOs currently oversee 11% of a corporation’s budget, most of which is allocated to digital marketing campaigns. It is imperative that a percentage of these monies be reallocated to cybersecurity. 

How Cybercrime is Metastasizing

Avoiding a network breach is a corporation’s ultimate measure of cybersecurity success, though the supposition that an adversary is already on one’s network is foundational for mitigating cybercrime. When a breach occurs, the exfiltration process is not immediate — a hacker must maneuver, explore, and collect information before she finds that which is valuable. Gone are the days of smash and grab cyber burglaries. Cybercriminals have transitioned from burglary to home invasion.

The more dwell time the adversary has in the environment, the longer it takes to detect and contain a data breach, the more costly it becomes to resolve, and the harder a brand’s reputation is hit. Victim organizations are experiencing multiple criminal schemes of monetization. Data is stolen and subsequently the brand is used against its constituency via watering hole attacks and business email compromise campaigns. In our ever more connected world, reputational risk has metastasized in 2017.

This explosion further illustrates the formidable dark side of globalization and cybercrime. As billions of people become connected, not all are ethical individuals.  The criminal world has migrated online; in the United Kingdom over 50% of crimes involve a cyber component, according to a 2016 National Crime Agency cybercrime assessment.

ROI of Brand Protection

The Ponemon Institute 2017 Cost of Data Breach Study diagnosed the relationship between the ROI associated with brand protection. The study calculates that costs of a data breach are in excess of $17 million. The cost breakdown takes into consideration customer turnover, amplified customer acquisition efforts, and general "reputation losses and diminished goodwill." The number one factor that impacts the cost is the time it takes to identify and contain a data breach. According to Ponemon, "the relationship between how quickly an organization can identify and contain data breach incidents impacts the financial consequences." 

The bottom line is that we must realize that there is a significant, unquantified loss associated with brand degradation, and that reputational risk management requires investing in a cybersecurity architecture that maximizes brand protection.

At the end of October, top experts on breaches and branding will be meeting with enterprise security professionals to explore the impact that data compromises may have on business. To find out more, go to Zero Day Con, and learn more about the direct correlation between cybersecurity investment and brand protection. 

Related Content:

Learn from the industry’s most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Click for more info and to register.

 

Tom Kellermann is the head cybersecurity strategist at VMware Carbon Black. Prior to joining VMware Carbon Black, Tom was the CEO and founder of Strategic Cyber Ventures. In January 2017, Tom was appointed the Wilson Center's Global Fellow for Cyber Policy. Tom previously ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15820
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
CVE-2020-15821
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
CVE-2020-15823
PUBLISHED: 2020-08-08
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
CVE-2020-15824
PUBLISHED: 2020-08-08
In JetBrains Kotlin before 1.4.0, there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
CVE-2020-15825
PUBLISHED: 2020-08-08
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.