December 3, 2018

Top 4 Reasons Communications & Creative Agencies Must Prepare for Cyberattack

For the 120,000 communications and creative agencies in the U.S., the threat of cybercrime isn’t new. In 2009, the FBI publicly warned that hackers were targeting PR agencies. Like most industries, agencies have been at heightened risk ever since, and yet far too few have proactively addressed the threats.

Over the past decade, many of these same agencies have worked diligently to help their clients establish crisis communications plans, engage in rapid response and mitigate brand reputation damage, both proactively and more commonly, in reaction to cyberattack. Ironically, the upsurge of “cybersecurity” work for agencies hasn’t translated into the prioritization of digital security for their own brands – leaving them more vulnerable than ever to cyberattack.

While attacks on agencies haven’t frequented the news cycle (yet), there are recent attack examples that suggest the industry is a priority for attackers. Just last year, WPP, the world’s leader in communications services, was crippled by the now infamous NotPetya ransomware attack, leaving staff across the world unable to access their systems and networks, according to AdWeek. In total, the attack cost WPP more than $19 million to remediate.

Additionally, many attackers now regularly seek out access to social media brand channels, many of which are run by marketing, digital or social agencies, and hide cyberattacks directly within posts. The origination of such an attack is often untraceable. And finally, earlier this year an international hacker group stole a bunch of press releases, which eventually netted them $100 million in illegal earnings.

 

Why are agencies attractive to hackers?

While you’re likely familiar with recent large-scale cyberattacks targeting enterprises, government agencies and politicians made famous by the news, you may be less aware of the millions of cyberattacks that now target small and medium-sized businesses on an hourly basis. As those larger public and private institutions continue to spend millions on technology and people to harden their cyber defenses, attackers have shifted their targets toward companies with lucrative data and assets that don’t have the resources to implement such defense-in-depth. Hence the risk to the majority of communications and creative agencies is rising faster than the industry can accommodate.

There are four primary reasons why agencies are an attractive target for cyberattack:

  • Agencies retain sensitive customer data, marketing strategies, market and competitive research and more – often for multiple clients. That means agencies hold a treasure trove of data.
  • Agencies are often known for their flexible, bring your own device environments and remote worker policies. But this flexibility, coupled with the fast pace of agency life, means employees are more likely to inadvertently connect to a compromised network or miss critical device updates and protections that leave them vulnerable to attack.
  • Turnover has long plagued agencies, and with turnover comes an often-overlooked threat – data theft.
  • Agencies are often early adopters of technology, many of which are reliant on cloud services (Box, Dropbox, Office365, Slack, G-Suite, etc.) for business operations, productivity and efficiency. Because of limited IT resources, these agencies often don’t realize that these cloud-apps are highly vulnerable to cyberattack, even with the security protections inherent to each service.

 

What’s at stake for agencies?

Knowing the risks, clients are increasingly demanding that agencies obtain cyber insurance and commit to cybersecurity. Cybersecurity has become a cost to doing – or at least to growing – business. Unfortunately, like many small and mid-sized businesses, most agencies don’t know the reality of their security risks, nor do they know who to trust and where to begin with creating, implementing and executing a comprehensive cybersecurity strategy.

Such an excuse – no matter how much truth there may be to it – is no longer acceptable. Today, clients of all sizes trust agencies with their sensitive data. A single breach can tarnish client relationships, result in lost business, interrupt business continuity, facilitate lawsuits and force agencies to close their doors for good.

In fact, 60 percent of hacked small and medium-sized businesses go out of business after six months, according to the National Cyber Security Alliance. For any agency to sustain, grow and gain top tier clients, it can no longer afford to ignore cybersecurity.

 

Data breach protection for agencies that use the cloud

Coronet protects agencies using the most popular cloud applications like G-Suite, Office 365, Slack, Dropbox and Box from data loss, unauthorized users and malware spread with no cumbersome installations or restrictions on where employees can work. In addition, Coronet prevents remote workers from joining rogue Wi-Fi networks while also blocking suspicious activity associated with BYOD policies – all without interrupting the user or the company.

Our platform uses AI to continuously get smarter at detecting and mitigating threats, providing security for users, devices and SaaS applications all in one platform. It’s security for agencies, done!

To learn more about Coronet’s data breach protection platform for agencies, schedule a demo at https://go.coro.net/agency-cybersecurity or start a free 30-day trial here.

SHARE THIS ARTICLE
AUTHOR
Dror Liwer
My entire career is focused on building, and leading, technology centric, client facing organizations.I posses a unique blend of strategic direction setting and tactical execution capabilities. Which is probably why I always felt more at home in startup operations, where the ability to wear many hats, and roll up you sleeves is necessary. Specialties: Senior technology executive with a proven track record of building organizations, motivating teams, and working with senior non technology executives.