Last February 20th the PRSA Tech Section opened its monthly webinar to the entire association’s membership. We got a strong response for our February topic: “Risky business: Managing Reputation & Digital Trust in the Age of Cybercrime,” with Wangui McKelvey. McKelvey is Vice President of Marketing for IBM Open Cloud Technology & Applications, and before that was with IBM’s Security Team for over ten years. The conversation was started by Tech Section’s Brandi Boatner, Social and Influencer Communications Lead at IBM’s Corporate Headquarters, followed by open Q&A with participants.
February was Black History Month, and IBM proudly celebrated its black team members by donning Pan-African colors on its logo.
Boatner started the webinar with a sobering question: we know that hackers’ skills are evolving, but what about our skills as communicators to deal with cybersecurity issues? Cyberattacks are no longer a question of “if”, but of “when.”
One place to start is by developing a better understanding of the cybersecurity threat landscape. IBM’s assessment shows that the average cost of a data breach is close to $4 million per business, and that 8.5 billion records were compromised in 2019 alone. IBM published these figures and many more in the X-Force Threat Intelligence Index report.
Part of understanding the cybersecurity landscape is to learn the key terms, like “data breach.” That means a serious security problem that resulted in data loss, which by law needs to be reported to authorities. Then you have “security incidents,” which might be serious or not, and require more investigation. Then there is “vulnerability,” a software problem allowing cyberattacks, and other terms you need to know in order to grasp the many aspects of cybersecurity.
One important way in which the landscape has evolved is that cyberattacks used to be the purview of “script kiddies,” exploiting system flaws as a form of protest or for fun. Today, bad actors have turned cyberattacks into a huge business. Cybercriminals do get paid, in some cases through insurance policies that companies have started to adopt to prepare for impending attacks. The most common form of attack is still through email “spam,” which has become a source of increasingly realistic scams. Once the user believes the message and clicks on the link, they might expose their entire organization’s data to criminals.
The most effective defense against this kind of attack is to be risk aware. Criminal sophistication shows not just on the technical engineering front but also on the social engineering front. For example, McKelvey shared a story of an attacker who posed as a donut delivery person to walk inside an office and install a device to siphon off the company’s data. This type of attack is aided by all the clues about personal travel and interaction we leave on social media. It’s great to share our trips on social media, but it’s smarter to wait until after we are back to post.
Some key tips McKelvey shared:
- Familiarize yourself with the cybersecurity landscape by using resources like IBM’s threat report
- Prepare a response plan, including the people you need to get the facts right about a potential attack
- The response after an attack should be quick because you are letting down your clients if it takes six weeks to inform them that their information was compromised
In the end, as communicators we are in the public trust business, and cybersecurity demands data responsibility. At a minimum, our role in communications is to make sure we are protecting the critical data that organizations entrust us with. PRSA members who missed the webinar can still watch a recording.