The competition for consumer attention has led some brands to blur the lines between targeted marketing and privacy violations. Adding to the stress in the relationship between customers and their brands are the ever-present cyber threats targeting private data.
New data suggests there are consequences for companies that don't take their customers' private information as seriously as the customers do.
In their report, 'How Will People Trust You?', Forrester analysts Thomas Husson and Fatemeh Khatibloo point to some concerning findings: 46% of smartphone users have experienced a company taking advantage of their personal data and using it for something other than a previously agreed upon purpose, according to a Loudhouse-Orange survey.
> See also: Why privacy software is the next big challenge for coders
Just four spatio-temporal points are enough to uniquely identify 95% of individuals, a New York Times article says.
A Carnegie Mellon University study found that a person's location has been shared an average 5,398 times.
Forrester’s own research also shows that one out of three US adults has cancelled a transaction because of privacy concerns.
In most cases a person's willingness to buy from, work for, and invest in a company is driven by their perceptions of the company. The product or services that the company provides are most often secondary considerations.
Forrester also points out that information security and privacy are the top concerns for global business and IT decision makers.
However the lines between cyber security and privacy are blurring, if they ever were mutually exclusive to begin with. This year's Verizon Data Breach Investigations Report showed that 70% of web app attacks in 2014 were strategic in nature. The true targets weren't the companies that own the apps, but the patrons that utilise those digital assets. Those attacks were aimed at capturing private data.
The black market is awash with private data belonging to individuals, with cyber thieves’ monetising it in many diverse ways. Cyber criminals' or nation state actors' goals range from various money-making schemes like affiliate fraud to capturing login credentials that can be used in future breaches.
The problem is that the internal security many organisations have in place isn't enough to secure customers. Traditional security best practices dictate strong encryption and defence-in-depth postures. The problem is that these strategies leave gaps in security outside the traditional firewall.
Even if good encryption is used and endpoint scanning solutions are in place, many digital assets existing in web, mobile, and social media are outside the walled garden — often leaving them unaccounted for and unguarded.
> See also: Why identity and privacy rule on the road to digital transformation
The various threats may or not be immediately visible to security folks, but they do exist and they can be impactful. In situations with unusually high frequencies of cancelled transactions, more vigilance on the part of the consumer, complaints on social media, etc. it may be an indication of some security breakdowns occurring outside the firewall.
The key to ensuring safe communications with users is to first understand that what exists on the Internet always leads back to the company. This would be an organisation's Digital Footprint – all the web, mobile, social, and rogue assets that exist online and are discoverable by both customers and adversaries.
Understanding where all those assets are and managing them holistically is critical. By proactively monitoring all apps, landing pages, affiliate sites, etc. teams can better defend the security of their brand and limit private data leakage.
Sourced from Ben Harknett, VP EMEA, RiskIQ
