As part of a series exploring cybersecurity and its impact on consumers, marketers, and marketing (see here for Part 1 and Part 2), I talked with Holly Rollo, the CMO of RSA, a Dell Technologies business. RSA solutions enable customers worldwide to deliver business-driven security strategies. The following focuses on the consequences of cyber attacks.
Whitler: What are the consequences of cyber attacks?
Rollo: Many people are under the impression that is the worst thing that can happen is that data is taken. However, industries such as utilities, oil and gas, transportation, chemical/critical manufacturing, etc. all rely on industrial control systems (ICS), which leverage IT to control physical machinery. Compromise and manipulation of these systems can have disastrous consequences on public safety, health, the environment and even the economy.
The Internet of Things (IoT): fitness trackers, home thermostats, and security systems, medical devices, WIFI printers, self-piloting cars beg all kinds of questions. They can be exploited to access other connected devices or manipulated to cause mayhem in and of themselves.
Today’s interconnected business ecosystems create complex relationships and unlimited opportunities for a motivated hacker. For example, if the target is a certain notable executive and the objective is retribution through reputational damage, his/her legal counsel might be a place to start, not as the final target, but a launching point for a social engineering or email spear phishing attack that will ultimately get to that executive. Many legal and accounting firms are small businesses that may be unaware of these types of risks and have limited resources to address them.
Also, as mentioned previously, exposing, corrupting, or threatening alternative uses of certain information can result in a wide range of consequences, many of which we have yet to imagine.
Whitler: Where are the biggest vulnerabilities?
Rollo: There are many potential vulnerabilities. Organizations have spent millions of dollars on preventative technologies hoping to plug holes or add enough layers and walls to ‘gate’ attacks. This is inherently flawed thinking. We aren’t dealing with a ‘bug’, we are dealing with human ingenuity – which is a powerful thing. Threat actors spend much more time finding and planning ways to exploit vulnerabilities or designing ways to hide what they are doing. Often, the path of least resistance is through people. I think almost everyone sees email phishing scams that try to get you to click on a link or enter your password in a form. What they don’t realize is that if they fall for them, this is akin to letting a hacker in the front door, allowing them to impersonate you and gain access to the company network. In almost every successful cyber attack, some form of compromised identity is being exploited, whether it’s a stolen password, access that a user shouldn’t have, or a user account that should have been shut down. This is why the security industry calls identity the most consequential attack vector.
Whitler: How has the development of new technology, like mobile and cloud, impacted the vulnerability?
Rollo: Organizations are increasingly relying on modern IT environments – including mobile, apps and cloud to improve efficiency. However, these new technologies have dramatically diversified and increased the attack surface (defined as all the different potential points of entry into an organization). Unfortunately, many organizations are still putting the majority of their security investments in preventative technologies that aren’t designed to stop every intrusion into this complex, dynamic infrastructure.
For more insight, see the following articles: A Wakeup Call to Marketers: The Perfect Cybersecurity Storm is Approaching and Why Marketers Should Care about Cybersecurity
Join the Discussion: @KimWhitler and @HollyRollo