Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

8/16/2017
02:00 PM
Tom Kellermann
Tom Kellermann
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
100%
0%

The Day of Reckoning: Cybercrime’s Impact on Brand

Why the security industry needs to invest in architecture that defends against reputational damage as well as other, more traditional threats.

American cyberspace has become a brave new world. The second quarter of 2017 ushered in a wave of cyber attacks, many of which directly impacted the operational and reputational risk of multinational corporations. FedEx Corp, Danish shipping company AP Moller-Maersk S/A are among six corporations which reported financial damage from cyber attacks last quarter, according to the Poneman Institute, which also projects collateral damage associated with these attacks will surpass the cost of the loss of customer data by year end. 

This new face of cybercrime directly impacts a corporation’s reputation. Recently Oxford Economics, which studied severe breaches at 65 listed companies, found that breaches tend to lead to share prices falling by an average of 1.8%.   

Major breaches over the past decade have also forced a consensus that compliance with security standards does not equate to cybersecurity. Consequently, security awareness within the C-suite is paramount for mitigating cyber-risk. But if responsibility to protect brands from cyber threats extends beyond those in technology, whose responsibility is it to protect the brand - the IT department or the marketing department? According to a study by Ponemon and Centrify released in February, 66% of IT practitioners do not think that brand protection is their responsibility while 45% of IT practitioners and 42% of CMOs believe that brand protection is not taken seriously by the C-suite. A full 71% of CMOs believe the biggest cost of a security incident is the loss of brand value; nearly half of the IT practitioners surveyed (49%) report brand diminishment as the biggest loss, according to the study. 

What do the consumers think about security? According to Ponemon, 31% of consumers will discontinue a relationship due to a data breach, but even higher numbers - 65% - will lose trust in the company. While IT professionals and CMOs agree that brand protection is directly impacted by cyber attacks, there is a disconnect about who should allocate resources to mitigate intrusions. According to a recent survey of chief marketing officers, CMOs currently oversee 11% of a corporation’s budget, most of which is allocated to digital marketing campaigns. It is imperative that a percentage of these monies be reallocated to cybersecurity. 

How Cybercrime is Metastasizing

Avoiding a network breach is a corporation’s ultimate measure of cybersecurity success, though the supposition that an adversary is already on one’s network is foundational for mitigating cybercrime. When a breach occurs, the exfiltration process is not immediate — a hacker must maneuver, explore, and collect information before she finds that which is valuable. Gone are the days of smash and grab cyber burglaries. Cybercriminals have transitioned from burglary to home invasion.

The more dwell time the adversary has in the environment, the longer it takes to detect and contain a data breach, the more costly it becomes to resolve, and the harder a brand’s reputation is hit. Victim organizations are experiencing multiple criminal schemes of monetization. Data is stolen and subsequently the brand is used against its constituency via watering hole attacks and business email compromise campaigns. In our ever more connected world, reputational risk has metastasized in 2017.

This explosion further illustrates the formidable dark side of globalization and cybercrime. As billions of people become connected, not all are ethical individuals.  The criminal world has migrated online; in the United Kingdom over 50% of crimes involve a cyber component, according to a 2016 National Crime Agency cybercrime assessment.

ROI of Brand Protection

The Ponemon Institute 2017 Cost of Data Breach Study diagnosed the relationship between the ROI associated with brand protection. The study calculates that costs of a data breach are in excess of $17 million. The cost breakdown takes into consideration customer turnover, amplified customer acquisition efforts, and general "reputation losses and diminished goodwill." The number one factor that impacts the cost is the time it takes to identify and contain a data breach. According to Ponemon, "the relationship between how quickly an organization can identify and contain data breach incidents impacts the financial consequences." 

The bottom line is that we must realize that there is a significant, unquantified loss associated with brand degradation, and that reputational risk management requires investing in a cybersecurity architecture that maximizes brand protection.

At the end of October, top experts on breaches and branding will be meeting with enterprise security professionals to explore the impact that data compromises may have on business. To find out more, go to Zero Day Con, and learn more about the direct correlation between cybersecurity investment and brand protection. 

Related Content:

Learn from the industry’s most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Click for more info and to register.

 

Tom Kellermann is the chief cybersecurity officer for Carbon Black Inc. Prior to joining Carbon Black, Tom was the CEO and founder of Strategic Cyber Ventures. On January 19, 2017 Tom was appointed the Wilson Center's Global Fellow for Cyber Policy in 2017. Tom previously ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I've never actually seen the corporate ladder before.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18898
PUBLISHED: 2020-01-23
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14...
CVE-2019-19837
PUBLISHED: 2020-01-23
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.
CVE-2020-7210
PUBLISHED: 2020-01-23
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.
CVE-2019-19835
PUBLISHED: 2020-01-23
SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI.
CVE-2020-5216
PUBLISHED: 2020-01-23
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seei...