Recent cyber attacks in the region tell a cautionary tale for brands that are now increasingly reliant on the internet for practically everything.
The Philippines took the brunt of the attack from Anonymous, with at least 38 defaced government websites just last week. An the same time, the Straits Times website in Singapore was breached by a local arm of the growing hacker collective.
Hacking has become a more genuine problem for brands based from the vulnerabilities in what should be secure state-managed online portals.
With mainly political motivations, these so-called hacktivists target government websites as a statement against corruption and human rights. So far, brands have not been harmed, but questionable manufacturing practices, poor environmental safety regulations or even bad customer service are alarmingly synonymous issues that could easily provoke these groups.
“No organization, brand or government can consider itself immune to a cyberattack,” says Don Anderson, SVP for regional strategic digital integration at FleishmanHillard.
“As long as there is a reliance on computers, and the focus on data grows, cybersecurity will always be an area of significance and one that we cannot expect to diminish any time soon.”
In an interview, Anderson explains why rogue tweets and Facebook trolls should be the least of your concerns in today’s risk management landscape.
Are brands aware that they are at risk?
With some exceptions, brands are not aware, or taking the necessary precautions to be prepared. You can relate this back to social crisis management -- if you were to ask a random assortment of brands if they have plans or processes in place to address any crisis situations that arise through social media, most would say 'no'.
IT brands are really at risk but how about non-tech brands like FMCGs? What can trigger hacktivists to turn their attention to them?
Same degree of risk applies to FMCGs as it does to IT brands. It doesn't really matter what industry you are in, or how small the operation, you can be a target.
Any time you have a public presence and profile, are interfacing with customers or partners, and collecting and storing data around your customer relationships, you are going to open to potential security attacks. Hacktivist groups have been known to strike brands for varying reasons, be it in reaction to the company's corporate policies, employment practices, products or even marketing activities, or simply to just prove a point that their systems can be tested and infiltrated. It's why brands cannot afford to let their guard down at any point.
What damage can we expect?
The damage from a cyber security incident, such as a data breach, is both financial and reputational, as the trust that customers, employees and partners have in a particular company, government or institution is violated.
Brands are just as immune as governments. Brands such as Apple, twitter and Sony through to news agencies such as Reuters have all faced cyberattacks and security breaches of their online platforms and social media sites at different times. Small businesses are also ripe for attack, because most don't have access to sophisticated systems or even security guidelines in place to ward off hackers.
What are the basics that should be in place?
We know from experience that you can't make a data breach "go away," but you can do things that help mitigate the situation and prepare you for any future, potential interruptions or data theft.
For example, preparations can include policy and procedure reviews, communications readiness assessments, and reputational risk assessments. We recommend that brands develop a comprehensive response plan, which includes crisis simulation drills with all parties involved in cyber incident response, along with security awareness training, advanced monitoring & threat detection and reputation restoration initiatives for post-event breach situations.
When companies realize the value that this brings to their organization, and the millions of dollars that can be saved by protecting their assets and reputation, they typically will dedicate the necessary resources to get themselves aligned internally against potential external threats.
But again, most fail to do this until it's too late. And sometimes, that is often due to their own limited knowledge, budgets or interest in cybersecurity issues.