[BreachExchange] A CMO-CIO Alliance Is An Organization’s Best Defense Against Hackers

Audrey McNeil audrey at riskbasedsecurity.com
Mon May 22 19:09:59 EDT 2017


>From Amazon’s robotic vacuum to robot toys that teach coding, there are now
6.4 billion web-enabled objects (and counting) streamlining even the
smallest of everyday activities.

For marketers, the Internet of Things (IoT) offers huge potential—of the
62% U.S. adults owning at least one connected device, half of those device
owners are willing to receive ads.

What’s more, the data that connected devices generate offers CMOs exciting
opportunities to deliver one-to-one marketing and create new products and

A Gateway To Consumer Insight
Connectivity has created a new age of product marketing. With one
connection, brands can provide greater convenience and personalisation—be
it a smart refrigerator with connected cameras that ensures you have all
the groceries you need, or central heating that can be fired up from afar.

And by turning products into “sensors,” marketers can gain insight into how
they are being used and create a virtuous circle of new product
development. For example, since hooking its vending machines up to the IoT,
Coca Cola has uncovered unique insights about its customers. Data from
machines placed on university campuses showed that sales of its drinks
spike before certain TV shows. This is valuable information for product
development and identifying prime ad slots.

But with so much data travelling between countless smart things,
opportunities for the wrong people to access it are increasing too. Last
year was busy for hackers. Not only did they steal 2.2 billion data
records, but they also exposed flaws in IoT devices from big brands
including Nest and Mattel.

Even more catastrophic is that now medical devices join the ranks of IoT,
so our bodies can be hacked. And cars and planes are being assembled with
IoT at their core, giving an attacker control of fast-moving, deadly

To truly benefit from the IoT data-value exchange, marketers need a better
appreciation of the risk exposure for consumers, and their business. They
need secure networks, privacy policies, and breach protocols that suit the
product value and context.

So how can they do this?

An Easy Wall For Hackers To Scale
A key failing of IoT devices is that most are designed with functionality,
not data protection, in mind. In fact, many don’t even have the capacity to
automatically install crucial security updates. A recent HP report showed
that 70% of commonly used IoT devices have serious security flaws.

Users who assume their devices are secure don’t help the situation, with
many failing to change their passwords from their original setting. This
oversight was exploited last year in the largest DDoS attack on record,
which seized control of nearly 400,000 devices and took down multiple
sites, including Twitter, The Guardian, and Netflix.

And the negative effect of hacked devices isn’t limited to malware—it can
invade personal privacy. One of the most notorious examples of this is the
case of a hacked baby monitor in 2016, where a stranger was able to
communicate with a toddler. The incident hit global headlines and
manufacturer Foscam became a byword for the dangers of IoT devices.

Yet it could have been avoided.

Months earlier, a researcher had disclosed the security gap to the company.
Had Foscam’s technology and marketing departments collaborated more
efficiently, they may have been able to close the gap, or warn customers.

So, herein, lies a key solution: the CMO and CIO—roles that traditionally
have operated in silos—working together to secure customer data.

Why They’re Better Together
Unlikely partnerships can be hugely successful if they have a shared aim,
and for CMOs and CIOs this is turning our digital evolution into growth and

When working together, they can put in place robust security procedures and
privacy policies that enable them to shut down system loopholes and take
pre-emptive action against attacks. For example, using authentication to
manage system access will present a formidable barrier to those trying to
steal data, and ensuring all data is encrypted will make it harder to link
back to individuals, thereby protecting their identity.

And it’s not all about internal processes. CMOs and CIOs must work as one
to communicate the protection habits consumers should adopt (such as
updating IoT device passwords) and develop smart fixes, like one-time-use
passwords or unique identifiers for login.

But with hackers constantly upping the ante, even the most thorough privacy
practices and product development can’t entirely eliminate the risk of

So even more crucially than prevention, the new focus must be on detection.
CMOs and CIOs need to know the systems that have been compromised—what
devices, users, and attackers were involved. By applying analytics to
network traffic, for instance, malicious behaviour of all kinds can be
unearthed, enabling organisations to quickly isolate and remove intruders,
while keeping all devices and the networks that power them safe.

Finally, as well as working with the CIO to secure networks against data
theft, marketers should be transparent about how they collect and use
personal information. Consumers have a right to privacy, and they must be
allowed to receive privacy notices and express preferences for marketing if
the data exchange is to continue.

Delivering on the revenue and growth opportunities afforded by IoT requires
keeping the consumer happy by securing their data and privacy. To master
this ongoing challenge, the CMO and CIO are better working together.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170522/74d9b2b2/attachment.html>

More information about the BreachExchange mailing list