By Emilio Iasiello
Everyone has likely heard the phrase “it’s not if, it’s when” with regard to security breaches. We often see brand reputation tarnished in the wake of a breach, yet many brands don’t have proactive brand protection procedures in place to mitigate threats before damage can occur. With millions of individuals’ personally identifiable information at risk, the fact remains that breaches are an everyday concern and will undoubtedly impact all organizations and the public at some time or another.
With so many public-service oriented organizations being preyed upon and surrendering vital personal information, it is little surprise that brand reputation suffers as a result of these security fallouts, not to mention class action lawsuits from victims. Target’s data breach (and subsequent lawsuits) is a perfect example that highlights this phenomenon. Between mid-November and late December 2013, hostile actors gained access to Target networks, potentially compromising as many as 40 million customer credit cards and possibly impacting upwards of 100 million people. As a result, both banks and consumers filed separate class action lawsuits, and Target estimates that it has paid out $252 million in expenses related to the breach. The company’s annual profit during the year of the breach fell 34 percent to $1.97 billion.
Public trust and public confidence are indispensable for any organization that relies on consumer patronage. One study found that 12 percent of shoppers would stop shopping at a retailer compromised by a breach, while a staggering 79 percent of shoppers who did return preferred to use cash as a method of payment as opposed to using credit or debit cards. While larger organizations like Target may be able to survive short-term losses (the company grew its 2015 profits by 22 percent and shares by 31 percent), for small-to-midsize companies, breaches can be a death sentence. Code Spaces, Mybizhomepage, and Nirvanix are three examples of companies that were not able to weather the breach storm and ultimately failed after sustaining severe damages to finances and reputation.
Many organizations are attractive targets because they hold their customers’ financial and personal information, which can sell for large sums of money on the black market. According to one news source, 100,000 Social Security Numbers are valued at approximately one cent each, yielding a profit of $1,000. Healthcare records are potentially more valuable, with stolen healthcare records garnering as much as $363 per record, more than any other piece of data from any other industry or sector.
The Target incident is an excellent example of corporate crisis management, particularly with regard to preserving consumer trust. Organizations need to develop an incident response plan that helps identify, contain, and reduce risk in the event of a breach. The past year has shown that all organizations, regardless of size or sector, are viable targets for any one of the diverse malicious actor sets that thrive on the Internet.
Damage to brand reputation does not have to be permanent, and can be avoided with the proper tools. Brand protection services that proactively monitor the Internet for threats such as phishing sites, trademark and brand abuse, malicious apps, and domain name registrations can protect your company before a breach occurs.