Dangerous misconceptions about data breaches
Not all breaches are the same, nor always a failure of company processes, but executives need to take steps to ensure the long-term security of their marketing data.
It’s no coincidence that the rise of data-focused headlines in marketing trade publications has corresponded with a rise in data breach headlines in the general press. Consumer data is big business, and with rising opportunities come rising threats.
Companies across industries, from financial services to ride-sharing platforms, have experienced fallout from massive data breaches in recent months, and executives around the globe have watched these developments with a mixture of anxiety and fascination. Unfortunately, despite the growing awareness of the threat of data breaches, few company leaders understand the true nature of these incursions and their implications for their companies when they occur.
Misconception: All data breaches are the same
For most people, the concept of a data breach conjures up thoughts of deviant hackers, sophisticated viruses and denial-of-service attacks targeted at taking down an online property. And indeed, these are very real threats that entire professions are dedicated to identifying, mitigating and preventing. But many data breaches, including most of the ones making headlines over the past year, are much subtler. These breaches, which can take months if not years to uncover, originate from a lack of proper controls and understanding of vulnerabilities.
Many of the vulnerabilities that threaten companies’ customer data emanate from third-party technologies on the websites that they do not control – trackers, third-party tags, ad and social media technologies, and others. In some cases, authorized website tags (both first-party and third-party) enable dozens or even hundreds of additional tags that the website owner doesn’t know about to be placed on a site. Malicious code can be introduced to a site or customer devices via these tags, compromising the personal information that consumers give a company. Or, third-party technologies can lead to the leakage of sensitive and customer PII data – data that hasn’t properly be anonymized – to third parties.
Both types of breaches are preventable through proper marketing security measures. But because executives aren’t even aware of these kinds of threats – or wrongfully assume that their IT teams are already checking these boxes – they go unaddressed until a breach occurs.
Misconception: Only high-profile companies are targeted in breaches
The bigger the data, the bigger the target, of course. So it’s no wonder that the data breach victims we see in the news these days tend to be high-profile companies with access to massive amounts of consumer data. But to assume that smaller companies are safe from such incursions would be folly. If a company operates online and collects consumer data in any capacity, it is vulnerable to a breach. You might only see the big names in the newspaper, but the pool of companies that have experienced (or are currently experiencing) data breaches is both wide and deep.
Misconception: Breaches are a failure of company processes
When a company’s website or app is breached, an executive’s knee-jerk reaction is often to look toward internal processes to find fault. And indeed, marketing security processes are important and often found to be insufficient (or absent entirely) when a breach is revealed.
Unfortunately, sometimes all the processes and employee due diligence in the world wouldn’t be enough to prevent a data breach. Again, in some cases, we see that companies have hundreds of unauthorized tags plugged into their websites, with more being added every week. No amount of manual review could detect and block all potential threats. Technology has wrought the plague of data breaches upon us, and technology solutions are required to prevent them.
Misconception: If a company is breached, it takes a financial hit and moves on
Finally, most executives whose companies are breached are surprised to discover the extent to which a data breach can affect an organization for the long haul. They expect their companies to take a painful hit, yes. But it’s not as simple as uncovering a breach, apologizing, paying out potential fines and lawsuit damages, and moving on.
In addition to the initial financial damage of a breach, companies face a long road when it comes to repairing consumer trust in their brands. Furthermore, from an internal standpoint, data breaches can shut down organizations from a progress standpoint and drastically impede future growth. In many cases, companies that have been breached go into an aggressive protection mode in which even the most minute new product or service development must pass muster with the company’s attorneys. Can you imagine the slowdown such companies see within their technology departments, not to mention the effect such a culture has on employee morale? Ultimately, data breaches can be a long-term death knell to companies in fast-paced industries.
Prevention starts with education. The above represent a few of the most common – and most dangerous – misconceptions about data breaches among today’s senior executives. Armed with this knowledge, executives must begin to take the needed steps to ensure the long-term security of their marketing data, as well as the long-term health of their data-driven businesses.