Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

8/16/2017
02:00 PM
Tom Kellermann
Tom Kellermann
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
100%
0%

The Day of Reckoning: Cybercrime’s Impact on Brand

Why the security industry needs to invest in architecture that defends against reputational damage as well as other, more traditional threats.

American cyberspace has become a brave new world. The second quarter of 2017 ushered in a wave of cyber attacks, many of which directly impacted the operational and reputational risk of multinational corporations. FedEx Corp, Danish shipping company AP Moller-Maersk S/A are among six corporations which reported financial damage from cyber attacks last quarter, according to the Poneman Institute, which also projects collateral damage associated with these attacks will surpass the cost of the loss of customer data by year end. 

This new face of cybercrime directly impacts a corporation’s reputation. Recently Oxford Economics, which studied severe breaches at 65 listed companies, found that breaches tend to lead to share prices falling by an average of 1.8%.   

Major breaches over the past decade have also forced a consensus that compliance with security standards does not equate to cybersecurity. Consequently, security awareness within the C-suite is paramount for mitigating cyber-risk. But if responsibility to protect brands from cyber threats extends beyond those in technology, whose responsibility is it to protect the brand - the IT department or the marketing department? According to a study by Ponemon and Centrify released in February, 66% of IT practitioners do not think that brand protection is their responsibility while 45% of IT practitioners and 42% of CMOs believe that brand protection is not taken seriously by the C-suite. A full 71% of CMOs believe the biggest cost of a security incident is the loss of brand value; nearly half of the IT practitioners surveyed (49%) report brand diminishment as the biggest loss, according to the study. 

What do the consumers think about security? According to Ponemon, 31% of consumers will discontinue a relationship due to a data breach, but even higher numbers - 65% - will lose trust in the company. While IT professionals and CMOs agree that brand protection is directly impacted by cyber attacks, there is a disconnect about who should allocate resources to mitigate intrusions. According to a recent survey of chief marketing officers, CMOs currently oversee 11% of a corporation’s budget, most of which is allocated to digital marketing campaigns. It is imperative that a percentage of these monies be reallocated to cybersecurity. 

How Cybercrime is Metastasizing

Avoiding a network breach is a corporation’s ultimate measure of cybersecurity success, though the supposition that an adversary is already on one’s network is foundational for mitigating cybercrime. When a breach occurs, the exfiltration process is not immediate — a hacker must maneuver, explore, and collect information before she finds that which is valuable. Gone are the days of smash and grab cyber burglaries. Cybercriminals have transitioned from burglary to home invasion.

The more dwell time the adversary has in the environment, the longer it takes to detect and contain a data breach, the more costly it becomes to resolve, and the harder a brand’s reputation is hit. Victim organizations are experiencing multiple criminal schemes of monetization. Data is stolen and subsequently the brand is used against its constituency via watering hole attacks and business email compromise campaigns. In our ever more connected world, reputational risk has metastasized in 2017.

This explosion further illustrates the formidable dark side of globalization and cybercrime. As billions of people become connected, not all are ethical individuals.  The criminal world has migrated online; in the United Kingdom over 50% of crimes involve a cyber component, according to a 2016 National Crime Agency cybercrime assessment.

ROI of Brand Protection

The Ponemon Institute 2017 Cost of Data Breach Study diagnosed the relationship between the ROI associated with brand protection. The study calculates that costs of a data breach are in excess of $17 million. The cost breakdown takes into consideration customer turnover, amplified customer acquisition efforts, and general "reputation losses and diminished goodwill." The number one factor that impacts the cost is the time it takes to identify and contain a data breach. According to Ponemon, "the relationship between how quickly an organization can identify and contain data breach incidents impacts the financial consequences." 

The bottom line is that we must realize that there is a significant, unquantified loss associated with brand degradation, and that reputational risk management requires investing in a cybersecurity architecture that maximizes brand protection.

At the end of October, top experts on breaches and branding will be meeting with enterprise security professionals to explore the impact that data compromises may have on business. To find out more, go to Zero Day Con, and learn more about the direct correlation between cybersecurity investment and brand protection. 

Related Content:

Learn from the industry’s most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Click for more info and to register.

 

Tom Kellermann is the head cybersecurity strategist at VMware Carbon Black. Prior to joining VMware Carbon Black, Tom was the CEO and founder of Strategic Cyber Ventures. In January 2017, Tom was appointed the Wilson Center's Global Fellow for Cyber Policy. Tom previously ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/14/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internet—and What Your Organization Can Do About It
The Threat from the Internet—and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13934
PUBLISHED: 2020-07-14
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.
CVE-2020-13935
PUBLISHED: 2020-07-14
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of ser...
CVE-2020-15721
PUBLISHED: 2020-07-14
RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.
CVE-2020-7592
PUBLISHED: 2020-07-14
A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic ...
CVE-2020-7593
PUBLISHED: 2020-07-14
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (V1.81.01 - V1.81.03), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.01), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.02). A buffer overflow vulnerability exists in the Web Server functionality of the device. A remote unauthenticate...