fbpx
Skip to Content Skip to Footer
circuit board

Are Marketing Leaders Doing Enough to Avoid a Data Breach?

Michael Krauss

circuit board

Michael Krauss on what marketers can learn from ‘The Fifth Domain’

Marketing is a cross-discipline profession. We must do more than represent the customer to the business—we need to understand the “three C’s”: customer, competition and company. Too often, we view our internal company and C-suite colleagues as adversaries rather than business partners.

At a recent CMO dinner in Chicago, a group of marketing leaders were lambasting their CFOs and CIOs for underfunding marketing and overinvesting in technology. I disagreed. We marketers need to make the CFO, CIO and—increasingly—the chief information security officer (CISO) our teammates and best friends.

The folks around the table became uncomfortable. They argued that business leaders should reinvest in creativity. I agreed that marketing creativity is a key differentiator, but technology investments are going to continue. As technology evolves, we marketers must be alert to both the advantages and risks of digital disruption, including the threats of data breaches.

Advertisement

Data breaches may not be on marketing’s radar, but they should be. There can be enormous reputational risk, which marketing will need to address in the event of a breach. And, cybercrime can be costly to the enterprise.

In a disruptive digital world guided by social media, mobile solutions, analytics and cloud platforms (the SMAC technologies), had these leaders met with their CISOs? Do they discuss enterprise risk management, social media and digital marketing programs with their CFOs? Are they prepared to respond to the reputational risk of a data breach, data exfiltration and ransomware? Had they read The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats by Richard A. Clarke and Robert K. Knake?

A class on cybersecurity may not be high on the agenda for marketers at the top university programs in the country, but it should be. As Clarke and Knake point out in The Fifth Domain, cyberattacks have cost pharmaceutical giant Merck approximately $900 million and shipping leader A.P. Moller-Maersk about $300 million. Other cyberattack victims include Mondelez International, Marriott International, Equifax and Target, to name just a few. Even entities such as the city of Baltimore are facing cyber-based ransomware attacks.

Every marketer needs to read a primer on cyber defense, and The Fifth Domain is the perfect resource. It’s written without technical jargon and is an excellent longitudinal overview of the cybersecurity threat, from emergence to present-day risks and potential solutions. The book is comprehensive without being weighty. It describes the threat actors, policy problems and solutions, and the actions that enterprise executives should consider.

Clarke and Knake have been policy and technical leaders on the issue of cybersecurity for many years. Clarke served at the U.S. Department of Defense and the Department of State, and Knake served at the Department of Homeland Security. Both have held leading roles on the National Security Council—Clarke under Presidents George H. W. Bush, Bill Clinton and George W. Bush, and Knake under President Barack Obama.

Their 2010 book, Cyber War: The Next Threat to National Security and What to Do About It, was intended to “raise the alarm” about cyberthreats. The authors write that The Fifth Domain is “about how the balance between offense and defense is changing and how the rate of change can be increased to set us on a path of stability.”

They argue that, up until now, the cybercriminals and rogue cyberattacking nation-states have had the advantage and are winning. The authors explain what can be done via government policy, enterprise actions and collaboration to achieve “cyber resilience”: in which attacks, when they occur, are manageable and the “advantage will shift from the attacker to the defender.”

There are parts of The Fifth Domain that read like a classic spy novel and will keep you riveted. The authors describe the origins and impacts of the Petya, WannaCry and NotPetya attack tools.

They write, “NotPetya was an operation run by a military unit, specifically the Main Directorate of the General Staff of the Russian Federation’s military, often called the GRU or Russian military intelligence.

“The Russian military did not, we suspect, intend to indiscriminately attack global corporations,” the authors write. “What it had intended was a crippling attack on Ukraine on the eve of its national holiday, Constitution Day. The GRU had figured out a truly creative attack vector, a channel that could be used to spread an attack.”

Clarke and Knake go on to share how Fancy Bear penetrated the servers of Ukrainian government and commercial enterprises. “The GRU attack worked almost flawlessly, destroying almost 10% of all devices in Ukraine. … What the GRU had apparently not recognized (or maybe they did) was that global companies operating in Ukraine would also be hit (and would spread the attack around the world).”

An equally chilling segment of The Fifth Domain describes a fake scenario in which an international ally of the U.S. is physically attacked, but American war ships and resupply depots are disabled through cyberattacks that diminish the ability to respond in real time. The scenario is frightening—and it has the potential to become reality.

The Fifth Domain is a provocative and thoughtful read for anyone who aspires to lead in business today. It is especially relevant for marketers and communications executives.

Cyber risk equates to brand and reputational risk, so marketers need to participate in risk management. We also must be certain our marketing programs don’t generate cyber risk for the company. And, if marketing truly seeks a seat at the table of enterprise leadership, we should be attuned to such potential business threats. If we are to be effective “three C’s” marketers, we should extend our purview beyond customer and competition. We should be attuned to our company and its capabilities, as well as serious threats and risks such as cyberdefense.

Marketing, communications, legal, technology, risk management, HR, the CEO and the board must all be prepared and ready to act when a data breach occurs.

Marketers should understand the nature and evolution of the cyberthreat. We should be advocates for better cyberdefense in our enterprises and circumspect about the cyber risks engendered by our marketing programs. We should be participating in tabletop exercises to prepare for any cyberattack.

Primarily, we should be educating ourselves about cyber risk and cybersolutions—and that’s why we should read The Fifth Domain.

Photo by Tim Käbel on Unsplash.

Michael Krauss is president of Market Strategy Group based in Chicago.