Brand Hacking: The Sting of a Cyber-breach
Brand is a powerful thing. When consumers buy something from a company, they are paying for the image and brand as much as the product itself. Trillions of dollars are spent every year in sales and marketing efforts to create effective brands that sell. This cannot happen overnight but rather over several years of careful strategy and execution. And nothing tarnishes a brand’s reputation faster than a hack.
“It takes 20 years to build a reputation, and five minutes to ruin it.” – Warren Buffet
What’s in a brand?
Putting a value on a brand is always challenging because there are many facets involved. The BrandIndex scale is an objective measurement of brand perception derived by painstakingly interviewing 2.5 million people each year. They are asked to scale thousands of brands from +100 to -100. Through these scores, companies are directly compared to one another through attributes such as buzz, value, customer satisfaction, reputation, brand awareness, and purchase intent to name a few. Many of these attributes are simply handled through the company’s marketing efforts. National commercial campaigns, store revitalizations and big sales alert the public to things that stay on the marketing message. However, when giant cyber hacks make the headlines, companies quickly lose control over their own marketing message. Everything they want to educate and inform the public about is quickly overshadowed by almost everything a company does not want public.
When Target was hacked back in December of 2013, it was one of the largest cyberbreaches in history. Some 40 million credit cards including 70 million customer addresses were compromised. Needless to say, Target’s BrandIndex score dropped some 35 points knocking them from the top 20 most respected brands. When hackers breach a company, they are attacking much more than customer data or confidential executive emails or even company IP. They attack that company’s brand – a brand that normally keeps shoppers coming back out of a sense of loyalty. It might cost billions of dollars over many years to build up a company’s brand, but that buys things like customer loyalty, which then become priceless to that company. So when shoppers go elsewhere for fear they will be the next cyber-victim, it is the most damaging kind of attack that can be perpetrated upon a corporation. In the case of Target, there was pronounced fallout from shareholders, lawsuits from customers, and ultimately a brand left tarnished to this day.
Post Breach Lessons:
Post Target breach, the retail industry has learned some valuable lessons. There is no magic bullet to prevent being hacked. When money is paid in physical dollars, credit cards at the POS (Point of Sale) terminal, or online, there needs to be layers of security throughout. A layered security approach protects the infrastructure, applications and all of the data running through the retail chain. Companies have learned the importance of closely watching data as it moves across an organization. Since the Target breach, many companies have put practices such as regular security audits into place. These include best practices training from the top down so everyone in that organization realizes their critical role in security within the corporation.
Corporations with large amounts of data have also instituted regular vulnerability assessments, which are used to bring to light all weaknesses they might have in their servers or networks. When vulnerability is detected, this becomes an actionable item to be immediately addressed. Another effective means to keep corporations safe are regular penetration tests where a ‘white-hat’ (ethical hacker who hacks to test a network’s security systems) hacker identifies security weaknesses by hacking directly into a corporation. Often, a white hat will discover vulnerabilities in the company’s computer networks with the goal of shoring them up before a ‘black hat’ (hacker with malicious or criminal intent) hacker discovers and exploits these weaknesses.
The Target breach began with Fazio Mechanical, a third party vendor whose login credentials were compromised and subsequently used for remote access directly into Target computer networks. Once the hackers had remote access, they could figure out which portal to subvert and eventually utilize it as a staging point to get deeper into Target’s internal network. Despite Target’s network security and monitoring already in place, the hackers ended up exploiting a simple vulnerability via a third party vendor. Hackers often take their time to find back doors with not-so-obvious points of entry. This ensures that those who have been breached do not detect nor act immediately to fix the breach. Some breaches go unnoticed for months while others that are eventually noticed, go unreported for even longer. Target had monitoring in place that did detect suspicious activity but it went unnoticed at the time.
How Customers Can Avoid the Same Sting
Big brand retailers have and will continue to get compromised so what can consumers do to not be the next in line? When a company gets hacked and consumers’ credit card data is stolen, banks do not know the specifics of the hacking so they simply issue new credit cards based upon a list of possible compromised account numbers. As consumers, we are mostly left in the dark when it comes to such details but that’s probably for the best. Even if you can isolate which retailer a compromise occurred at, there is little that can be fixed once the damage is done.
You are better off to focus your efforts on regularly scanning your personal card statement with an eagle eye on any suspicious activity and to report fraud immediately by calling your credit card company. Before your credit score goes down, contact the credit bureau immediately (Experian, TransUnion, or Equifax) to report the situation so they can put an alert on your account. If you fear ID theft, you should complete an Identity Theft Affidavit with the FTC (Federal Trade Commission).
When your credit card is compromised it is a good idea to note all online retail stores your card is linked to and remove that linked information. This means that with all future purchases, credit card information must be manually entered. You can also limit your risk by purchasing a pre-paid credit card, which acts like a debit card in that it is preloaded with cash but not connected to your bank account. Of course, the most effective way to stay safe from any credit card breach is to not use a credit card at all and just use cash.
Brand Hacking is not going away. Just ask Home Depot, Eddie Bauer, Sony, Ashley Madison and of course, Target. Many of their customers have fled to competing brands. They might have loved the products and service that these hacked brands offered but that wasn’t enough to keep them loyal. Some left out of fear while other customers lost time and money just by not fleeing sooner. Whatever the case is, no one ever wants to be associated with brand hacking.
This blog originally appeared on The Huffington Post