Marketing vs. Cybersecurity in 2016

It’s inarguable that marketing and cybersecurity are both essential to the success of a business. Marketing presents a vision to the market, and cybersecurity protects the company against digital threats and attacks. But despite both departments having company and customer interests in mind, there’s sometimes a disconnect between their activities.

This disconnect could be a company’s downfall. If a marketing team is operating online without the security team’s awareness, the company could encounter one or more of the many cyber threats detrimental to their business. On the other hand, if a security team knows what tools and assets the marketing team is using, it can be vigilant of common attacks that occur in those online spaces.

Aligning the departments is instrumental to guarding a company against cyber attacks and effectively growing a business. The following areas are ideal places to watch for cyber threats surrounding marketing actions. Informing both the security and marketing departments about each other’s priorities builds a team that communicates well and jointly contributes to success.

Social Media and Phishing

As business dependence on social media grows, marketers will continue to expand their efforts on these platforms. It is estimated that 79% of businesses were using social media in 2014 to connect with customers, a number that likely rose in 2015. Many companies have an individual or a team of professionals dedicated to running and tracking engagement on social media.

While social media is an excellent tool for creating industry conversation and gaining sales, cyber dangers are extremely prevalent. Phishing scams are one of the most common threats to a network, and 1 in 5 phishing scams targets Facebook alone and almost 2% of all social media interactions containing a URL are malicious. Phishing scams on Twitter, LinkedIn, Google+ and YouTube are just as likely.

The possibility of clicking on a link with a javascript call to a malware or unknowingly giving away personal or corporate information in a phishing site, goes up considerably on sites with trustworthy purposes. Trust is indeed how phishing scams on social sites prey on unsuspecting victims. The worst case scenario would be if an attacker phished the company’s account details and used them to extract customers’ personal information or the company’s IP.  

The content marketing firm Outbrain experienced this type of phishing and subsequent attack firsthand. An email that appeared to be from Outbrain’s CEO was sent to all employees with what looked like a credible link that actually allowed hackers to compromise the company’s widget configuration tools.

After marketers have alerted their cybersecurity colleagues about the apps and tools they are using, a cybersecurity team can execute an awareness campaign to train them to be aware of dangers in these tools. With more understanding of threats, more employees can prevent and mitigate them.

Content Management Vulnerabilities

Social media isn’t the only online platform helping marketers reach more people. As technology changed marketing, many online tools emerged to make marketing easier than ever. Goals shifted, but so did the strategies to accomplish them. Marketers discovered a trove of innovative Web tools and with them their cyber vulnerabilities.

A widely-used platform in the marketing industry is the content management system (CMS). These online platforms allow a marketing team to create, regulate and monitor websites, blogs and other customer-facing business functions. The system is an all-encompassing toolkit for running most online marketing activities. Unfortunately, it is also a focus point for attackers.

WordPress, the most popular CMS on the market, is also the most popular CMS to be attacked with WordPress sites being attacked 24.1% more than all other CMS platforms combined. This manifested in 2014 when attackers deployed a DDoS attack using 162,000 WordPress sites to flood an unidentified victim site. Attacks like these are more common and widespread than ever before.

In June of 2014, Evernote and Feedly joined a long list of DDoS-attacked companies when the sites were overwhelmed with traffic and attackers demanded ransom money. The companies did not meet the demands and instead tried to mitigate the attacks with cybersecurity tools.  

Once a hacker gains access to a company’s CMS, he can control, modify and steal information from the website. A German study found that 76% of all identified vulnerabilities were the add-on and extension modules. When a team updates the security to the overall CMS, the extensions are often excluded, leaving them as open gateways to attackers.

Biggest Asset, Biggest Threat

There is one component of business that is of the utmost importance and concern for both marketing and cybersecurity: the website, a mission critical factor in running a company. Marketing often administers the website and content customers are seeing. Cybersecurity teams are hyper-aware of the dangers of website hacking, spamming and malvertising, which is the injection of malware into advertisements on safe sites. The website is the ultimate gateway for malicious attackers to steal customer data and deface the company’s online assets.

In one recent cyber attack, the company website was the only place hackers had to visit to steal names, phone numbers and credit card information. Popular U.K. pub and hotel chain JD Wetherspoon suffered a cyber attack on its website in June 2015. When customers bought vouchers, signed up for the newsletter or left feedback, their information was stolen by a Russian hacking group (a breach the company didn’t realize until CyberInt discovered it nearly six months later).

Unfortunately, essential marketing activities – vouchers, newsletter and Web feedback – that gain customer information were also easy targets in that data breach. If JD Wetherspoon’s cybersecurity team had been aware of these exposure points, it could have protected them with stronger defenses. Again, knowing how marketing is operating on a website aids cybersecurity efforts.

Working Together for Ultimate Security and Success

Starting out, a business’s functions, including marketing and cybersecurity, are a manageable and visible load. As the company grows, each department hones in on its expertise and amps up efforts to contribute to growth. This expansion often creates bigger divisions between departments, which can be devastating to overall success and especially cybersecurity.

When marketing and cybersecurity teams are aligned and aware of one another’s activities, they can protect their company from cyber attacks. Understanding which marketing tools can expose the company and its customers to risk will arm both teams with awareness of how to prevent negative cyber events.

Any successful company aligns its departments for the bottom line, but in 2016 and beyond, success will also depend on the company’s ability to align its departments for cyber protection.