Prepare to Battle Digital Swiftboats … and Other Cyber Threats in 2017

Cyber Security

Your Reputation is Now a Target of Cyber Criminals

Your organization will be hacked. That is the new reality. Up until now, the battle has been containment: the robbers (i.e., hackers) may get past your front door, so the strategy is to keep them out of your vault (e.g., social security numbers, credit card numbers, etc.). But, what if the new target for hackers isn’t in your vault? As the 2016 election proved, and a recent report by cognito (Strategic Threat Trends to Watch in 2017) highlights, we are now in a new game where the robber wins even if they don’t get to the vault. So how can your organization prepare for this new game?

Up until now, the primary threats that most organizations have prepared for include: phishing, ransomware, DDoS, and internal bad actors.  However, there are three relatively new threats that pose a serious risk to organizations:

Email Hack: For the purpose of this point, as difficult as it may be, let’s ignore the politics surrounding the email hacks from the 2016 election. What is important is that these incidents highlighted —for the first time for most organizations — that a prime target for hackers is not just the servers with credit cards and social security numbers, but the emails from executives and staff. If your emails are hacked, what competitive intelligence will the hackers receive about your company and customers?  What will embarrass your executives and the broader organization?

Digital Swiftboating: This is the No. 1 threat highlighted in cognito’s report for 2017 trends to watch. As the report states, these attacks are “the rapid use of media, especially social media, to damage brands, sometimes for financial gain (including to benefit activist shareholders or in attempts to manipulate stock price). This type of attack can include specious/unsubstantiated claims that can pose major threats to high profile brands.”

Indirect Media Approach: Also highlighted in cognito’s report, this tactic involves the hackers creating a false story to distract the organization’s focus — and then executing a cyber attack while their attention is diverted.

What these three new tactics demonstrate is that an organization’s reputation is both a new end goal for, and a new tool to be used by, hackers. So, how do organizations prepare for this new front?

  1. Protect your company’s emails as much as you protect your customers’ personal data.  Many questions will need to be answered by the IT experts on how to do this, but it may also be time for organizations to consider policies surrounding how long they allow the emails to be retained.
  2. Employee training continues to be critical.  Most organizations are taking employee training for cyber protection fairly seriously — and, if you’re not, then you should be. But, in addition to training against phishing attacks and teaching employees to not click on “that email,” your employees need to be trained about email protocol. That way, they don’t embarrass the company, or reveal sensitive information, when their emails are hacked.
  3. Use influencers to counter fake news.  This is where your influencer engagement work will be the most critical. Deploy these external voices to counter the fake news, while keeping your internal resources focused on the defense.
  4. Elevate your communications team.  Up until now, the communications team is often either in the middle or toward the bottom of the list of people who would be in the room with the CEO or the board when planning for the next cyber incident. However, as these three new tactics show, your reputation may be the new target. Just as your IT folks protect the data, your communications team are the experts at protecting your reputation. This team needs to be elevated to the top of the CEO and board’s attention to prevent these new threats and prevent them damaging your reputation.
  5. Plan, train and remain agile.  Dust off that crisis playbook and update it to reflect these new threats, then run crisis drills in advance to prepare for the new scenarios. And, of course, remain agile. Your opponents are often defining the speed of the crisis — whether it be a massive breach at one time, or a slow trickle of fake news to build to an event. Your job is to remain agile to defend against all of these attacks — and be ready to adapt to the situation, quickly.

Tagged In

Cybersecurity

Prepare to Battle Digital Swiftboats … and Other Cyber Threats in 2017

Cyber Security

Your Reputation is Now a Target of Cyber Criminals
Your organization will be hacked. That is the new reality. Up until now, the battle has been containment: the robbers (i.e., hackers) may get past your front door, so the strategy is to keep them out of your vault (e.g., social security numbers, credit card numbers, etc.). But, what if the new target for hackers isn’t in your vault? As the 2016 election proved, and a recent report by cognito (Strategic Threat Trends to Watch in 2017) highlights, we are now in a new game where the robber wins even if they don’t get to the vault. So how can your organization prepare for this new game?
Up until now, the primary threats …

Continue reading >

Tagged In

Cybersecurity

The Intersection

The Intersection is an in-depth series designed to help you anticipate and prepare for public policy challenges and opportunities.

View the Intersection
See all posts >