Privacy Concerns Changing the Playing Field for Brands

Wednesday, June 24, 2015

Peter Zavlaris

The competition for consumer attention has led some brands to blur the lines between targeted marketing and privacy violations. Adding to the stress in the relationship between customers and their brands are the ever-present cyber threats targeting private data. New data suggests there are consequences for companies that don’t take their customers’ private information as seriously as the customers do.

In an article posted on CIO magazine, author Tom Kaneshige references a Forrester report with the following statistics:

  • 46 percent of smartphone users have experienced a company taking advantage of their personal data and using it for something other than a previously agreed upon purpose, according to a Loudhouse-Orange survey.
  • Just four spatio-temporal points are enough to uniquely identify 95 percent of individuals, a New York Times article says.
  • A Carnegie Mellon University study found that a person's location has been shared an average of 5,398 times.

Kaneshige emphasizes in the article that consumers express their dissatisfaction through their wallets. He cites Forrester Research, which shows one out of three US adults has canceled a transaction because of privacy concerns.

In a co-webinar with RiskIQ titled ‘Brand Security and the CISO: Safeguarding the Company’s Critical Digital Footprint’, Forrester Analyst Nick Hayes discussed a recent study from the Reputation Institute. In most cases a person’s willingness to buy from, work for, and invest in a company is driven by their perceptions of the company. The products or services that the company provides are most often secondary considerations. Forrester also points out that information security and privacy are the top concerns for global business and IT decision makers (for the full Forrester report, go here).

The lines between cyber security and privacy are blurring, if they ever were mutually exclusive. This year’s Verizon Data Breach Investigations Report showed that 70% of web app attacks in 2014 were strategic in nature. The true targets weren’t the companies that own the apps, but the patrons that utilize those digital assets. Those attacks were aimed at capturing private data.

Black markets are awash with various sets of private data belonging to individuals, and cyber thieves are monetizing it in many diverse ways. The goals of cyber criminals or nation-state actors range from various money-making schemes like affiliate fraud to capturing login credentials that can be used in future breaches.

The problem is that internal security isn’t enough to secure customers. Traditional security best practices dictate strong encryption and defense-in-depth postures, but these strategies leave gaps in security outside the firewall. Even if good encryption is used and endpoint scanning solutions are in place, many digital assets on the web, mobile, and social channels sit outside the walled garden, often leaving them unaccounted for and unguarded.

The various threats may or may not be immediately visible to security folks, but they do exist, and they can be impactful. Where there are unusually high frequencies of cancelled transactions, more vigilance on the part of the consumer, complaints on social media, etc., there may be some security breakdowns occurring outside the firewall.

The key to ensuring safe communications with users is to first understand that what exists on the Internet leads back to the company. This would be your org’s Digital Footprint—all the web, mobile, social, and rogue assets that exist online and are discoverable by your customers or your adversaries.

Understanding where all those assets are and managing them from one location is critical. By proactively monitoring all apps, landing pages, affiliate sites, etc., teams can defend the security of their brand and limit private data leakage.

This was cross-posted from the RiskIQ blog.
