In an increasingly digitized world, the significance of cybersecurity cannot be overstated. Yet despite notable ransomware cases in recent years and a drastic, seemingly COVID-fuelled spike in overall attacks, many executives remain unprepared.
In response to the increased frequency of cyberattacks, the cybersecurity market continues to surge, with forecasts predicting exponential market growth. Statista, for example, notes that “an increasing awareness of cyber threats leads to a rising investment in cybersecurity infrastructure worldwide”, forecasting a market expansion to $345.4 billion by 2026 – an expansion of over 50 per cent compared to its 2021 $217.9 billion market size.
Nonetheless, one may attribute the escalation of cyberattacks to an array of factors. The ongoing pandemic and the vulnerabilities it has exposed seem to lie at its centre, as IT professionals have seen a stark increase in cyberattacks since its start. Deloitte agrees, finding that 35 per cent of post-pandemic cyberattacks “used previously unseen malware or methods” – a notable increase from pre-pandemic’s 20 per cent. Yet research confirms that the majority of organizations do not have a cyber security incident response plan in place. Finally, the continued expansion of businesses’ marketing scopes now entails copious amounts of data, as Forbes notes. They argue that “as more departments across the organization continue to collect copious amounts of data, the IT team is no longer solely responsible for cyberattacks”. This, they explain, is because “overseeing every piece of data is extremely challenging” – leaving IT departments with fewer options and placing some cybersecurity responsibility on marketers as well.
McKinsey & Company reports that just 16 per cent of survey respondents say their companies are well prepared to deal with cyber risk. Worse still, as digital marketing expands, it too offers malicious actors more opportunities to carry out attacks. For this reason, let us explore the 5 most prevalent cybersecurity concerns in digital marketing.
Cybersecurity concerns in digital marketing
Still, digital marketers do not typically have to face or bear responsibility for cyberattacks of all types. Rather, each marketing practice and asset carries its own prevalent risks, which require due attention.
1. Malware and remote access to customer relationship management (CRM)
Cyberattacks targeting CRM software can be among the most damaging, given the nature of CRM software itself. A notorious such case in recent times was USCellular’s CRM data breach, which they believe occurred on January 4th, 2021. BleepingComputer reports that the attack occurred due to human error, as “employees were scammed into downloading software onto a computer”. Then, USCellular’s notification confirms that the unauthorized individual could enter the CRM system using the employee’s credentials, since they were logged into the CRM at the time.
To address this risk, organizations may adhere to stricter security protocols, such as only downloading software from trusted sources and partners, and limiting software installations on business machines to the bare minimum. Finally, regardless of department, all CRM users must log out of CRM solutions when not in active use.
2. Phishing and email marketing
Similar attacks occur via email phishing, with similarly increased frequency. A notable example of email-based attacks comes with NOBELIUM’s recent attacks against SolarWinds, which Microsoft had been tracking since January 2021. These attacks coincided with a concerning general spike in phishing attacks; Sophos’s 2021 survey finds that 70 per cent of respondents recorded a rise in phishing attacks on their organization since the beginning of the pandemic.
In this regard, as email users themselves, employees must remain aware of email-based phishing tactics and other attacks – as the above case illustrates. They may more carefully scrutinize any requests for information, from the sender’s legitimacy to the request’s purpose, and confirm with an appropriate manager when suspicions arise. In this context, minimizing human error through training programs that increase awareness offers demonstrable benefits.
3. Fraud and social media marketing
Further supporting this notion of cyberattack escalation, Phishlabs reports a staggering 47 per cent increase in social media-based attacks. Perhaps predictably, fraud was the attack type that saw considerably more use. This find, too, offers grounds for cybersecurity concerns in digital marketing, as social media marketing remains a prominent, cost-effective marketing endeavour.
Social media-based attacks typically include impersonation to effectively deceive recipients, and subsequently deploy ransomware. In this regard as well, businesses may enhance their cybersecurity training efforts and bolster their incident response plans. As they do, users may avoid dubious downloads on business machines and confirm information requests with superiors to reduce the risk of successful impersonations. They may also consider stronger, diverse passwords, as weak and shared passwords remain a prominent phenomenon that only endangers users.
4. Password attacks and brute force attacks in content marketing
This trend of risk escalation continues with increased attacks on Content Management Systems (CMSs). As regards WordPress in particular, WordFence and WPScan released a thorough WordPress security report in August 2021, in which they find that password attacks will continue to rise, while brute force attacks have already more than doubled.
Awareness training and response plans aside, content marketers thankfully have a relative advantage in this regard, as many SEO-adjacent practices they typically embrace offer some solutions. Regarding brute force attacks, marketers may cull old and unneeded plugins, opt for frequent backups and security scans, and use WordPress security plugins to limit potential vulnerabilities. Regarding password attacks, the report above concludes by suggesting “password hygiene best practices”, including using stronger passwords, using 2-factor authentication (2FA), and disabling XML-RPC when not in use.
5. Ransomware in eCommerce
Finally, eCommerce has not been exempt from increased cybersecurity risks. On the contrary, WebScale finds that security remains the eCommerce industry’s primary challenge, noting that “some of the world’s leading brands fell victim to cyberattacks” in 2020, including Virgin Media, Garmin, Tesla, and Shopify. Sadly, the same data also supports the initial claim that businesses and marketers alike remain relatively unprepared.
In this regard, marketers may consider a plethora of safety measures – the aforementioned aside. Content delivery network (CDN)-side, they may opt for widespread CDNs with multi-layer protection to better defend against DDoS attacks. Server-side, they may enhance SSL protocols, opt for robust security systems and firewalls, and enhance security monitoring to identify potential attacks more swiftly. Finally, user-side, they may opt for 2FA, stronger passwords, and anti-malware and similar security software.
To summarize, cybersecurity concerns in digital marketing abound in the post-COVID era. As malicious actors become emboldened and continue to seek vulnerabilities to exploit, so too must organizations and employees remain vigilant and careful in their online activities. As research continues to identify human error as the primary vector for attacks, cybersecurity training may offer a powerful asset.
by Nick Djurovic