Finding myself among the 145 million American’s who personal information was compromised by the gargantuan Equifax data breach, I welcomed the chance to talk with cybersecurity expert Norman Guadagno, senior VP of data security company Carbonite. Our conversation was both scary and enlightening as Guadagno pointed out how poorly Equifax handled the crisis, the inevitability of having your personal and company data hacked and, most important, the little-known fact that ever-growing marketing tech stacks are creating even greater security threats.
Let’s start with the Equifax data breach. How big a deal is this really?
It’s both a big deal today, and it’s going to be a much bigger deal over time. This is a watershed moment for consumers, for businesses and for marketers. We’re going to see an absolute shift over time in the fundamental issues around trust and data security, and how we communicate around these issues.
So a wake-up call for everyone, not just marketers?
Exactly. You and me and everyone reading this has been hacked before. You may not know it, but you have been. You and me and every one of our companies has been [hacked], or someone has attempted to hack [us] in the past, and will attempt to hack [us] in the future. This is the reality we live in today. What does this particular Equifax breach mean? I think it wakes people up to the reality that you, in fact, were never in control of your data.
Talk about the brand implications for Equifax. Imagine you were the CMO of Equifax right now. What would you be doing … besides updating your resume?
It’s a tricky thing because Equifax has to do a few things right away — and they’ve attempted a few. There was a CEO letter in USA Today, [and] they’ve been trying to update people on what’s going on. But the number one thing that they have to do is establish some degree of trust, because they’ve lost the trust of the public — not only because of the breach but also because of their immediate after response to the breach. The second thing that they have to do is move towards as much transparent, clear communication as possible. And, frankly, if it’s going to take ten steps for you or me to reaffirm that we are who we say we are, they need to tell you that, upfront. If I’m that CMO, I’m thinking that people have lost trust in my brand, and I’m thinking about what are the clearest communication channels I can get to as quickly as possible, consistently. I’m also listening — I have to listen to my market, as well.
This isn’t just a lesson in crisis management for CMOs, right? Has CMOs’ expanded use of marketing technology made their companies more vulnerable to cyber attacks?
We all know that marketers have become the biggest purchasers and consumers of technology inside most companies. The martech stack is massive, and we’re getting budget and dollars to build lots of things, like making purchasing data accessible to all of our customers. In doing so, we’re also opening a lot of potential doors to malicious hackers. We, as marketers, have to learn that simply implementing a new website feature or a social channel … it’s not just marketing but part of an IT infrastructure that has to take security seriously. And if we, as individuals, are not familiar with cybersecurity overall, we either need to get familiar at some level or we need to have somebody on our team who has responsibility for it.
You’re saying that CMOs really need to make cybersecurity a top priority?
If you’re in a business that doesn’t have an awareness of cybersecurity overall, when a crisis comes — and we all know that a crisis is going to come — it’s going to be on the marketing team to be able to explain it. And it’s going to look really bad if it was that marketing team that potentially introduced the backdoor in the first place from something that they built. We all want to be transparent and use martech to remove barriers, to enable feedback loops and make purchasing easier. But we also have to keep that data secure, [given that] marketers are collecting massive amounts of data, including personal information.
What an irony! As marketers try to help their customers with personalized shopping experiences or induce them to come back to the website with personalized pitches, the data that enable this customization is just the kind of data hackers want, right?
You’re right. It’s not just simply, “Hey, I’ve got a list of names and stuff that we can remarket to.” It’s someone else saying, “There is a list of names with people’s identities that I can steal and, by the way, I know that they like turbochargers or whatever. So, great, I’ll use that.” We marketers are sitting on some of the most valuable assets in the business: customer data. Marketers have to be thinking about the fact that all that data we’re using and collecting has tremendous value, not just to us but to malicious hackers. Regardless of the business we’re in, if we are not prepared to take seriously protecting this data, we’re going to get screwed.