By Karl Swannie
As a marketing professional, are you fully prepared for a data security breach? When it is determined that confidential customer data has been stolen, and there will likely be a hefty price tag attempting to fix what went wrong, will you know how to react?
Finally, when the post-incident analysis occurs, will you know what your role should be? And more importantly, be able to execute whatever measures will be needed in a fast and timely manner?
Why marketers should care
The direct marketer who thinks a security strategy should be dictated by the IT department is making a serious mistake. For a chasm has been crossed between the marketing and IT security teams and there is no going back. There are no longer black-and-white lines, but instead there is a steady shade of grey.
There are also new regulatory requirements that must be adhered to under the Personal Information Protection and Electronic Documents Act (PIPEDA). Any breach that creates a “real risk of significant harm” must now be reported to the Privacy Commissioner’s Office and all individuals affected notified.
Meanwhile, findings in an annual global study, Cost of a Data Breach, by IBM Security and conducted by the Ponemon Institute, found that hidden costs in data breaches such as lost business, negative impact on reputation and employee time spent on recovery are difficult and expensive to manage. The average cost for each lost or stolen record containing sensitive and confidential information also increased by 4.8% year over year to US$148, findings revealed.
“The goal of our research is to demonstrate the value of good data protection practices and the factors that make a tangible difference in what a company pays to resolve a data breach,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “While data breach costs have been rising steadily over the history of the study, we see positive signs of costs savings through the use of newer technologies as well as proper planning for incident response, which can significantly reduce those costs.”
This is incredibly important, particularly when you consider results of another report that found 75% of consumers in the U.S. said they will not do business with companies that they do not trust to protect their data. It is unlikely that sentiment would change here in Canada or anywhere else in the world for that matter.
What can marketers do?
Last year’s IBM/Ponemon study, for the first time, examined, it said, “the effect of security automation tools, which use artificial intelligence, machine learning, analytics and orchestration to augment or replace human intervention in the identification and containment of a breach.”
“The analysis found that organizations that had extensively deployed automated security technologies saved over US$1.5 million on the total cost of a breach (US$2.88 million compared to US$4.43 million for those who had not deployed security automation),” said the study.
While those are big dollar numbers and likely equate to a larger organization, the use of technology advances such as open source intelligence (OSINT) can also be a pivotal tool for the direct marketer. They can use them not only protect a brand but gain an understanding of what is occurring both in the social media space and on the dark web.
Monitoring social media activity about your brand or your organization allows you to be informed and be proactive in any decision-making that may occur. It is also safe to say that the more social media data is created, the better the potential for OSINT to work properly. And since it is now the marketing team’s responsibility to monitor that data, it forces everyone to be aware of any suspicious or alarming posts and keep up to date on any activity that may occur.
By that simple act, direct marketers can now play a key role in the overall security strategy of an organization. They can alert the IT department should there be concerns about the brand and/or the overall business.
The relationship between marketing and IT becomes symbiotic and even more important when it comes to the dark web. This is the home of the real bad dudes who design creative data breaches, sell stolen personal information, obtain contraband, get advice on performing nefarious acts and if they want, can be your own worst nightmare.
The dark web is where marketplaces such as Dream Market flourished before being shut down. But that is not a problem because at any one time an OSINT offering can uncover as many as 25 similar sites. It can also detect and track potentially harmful conversations in any language.
The time spent using OSINT tools in social media and learning more about dark web activity related to your business could, in the end, prevent a data breach. Armed with knowledge that can be passed on to an IT security team and others, measures can be put in place that will help protect your organization from losing the trust from the one group you simply cannot afford to lose: your customer base.
Karl Swannie is the CEO of Victoria, B.C.-based Echosec Systems Ltd. (www.echosec.net), creators of a data discovery platform of the same name and Beacon, an OSINT tool that allows an organization to safely search the dark web. A well-known technical thought-leader and former chief technical officer, Karl comes from a 20-year career in geographic and land information management systems, where he worked with organizations such as Mercedes-Benz, Amtrak, Coca-Cola and Verizon.