CMOs must prepare to defend their brand and company with tools and strategies to combat almost inevitable cybersecurity events. Credit: Thinkstock Anthem, Yahoo, Ashley Madison and Target have all been victimized by cybercriminals. These brands have experienced some of the most notable cyber intrusions. This week Anthem is to pay a record $115 million to settle lawsuits over her cyber intrusion.This illustrates the stark reality that the half-life of the breach continues to wreak havoc on the reputation of a company, draining brand value, customer perception, and inevitably profits. Collateral damage associated with cyberattacks in 2017 will surpass the loss of customer data. The new face of cybercrime directly impacts a corporations reputation. Major breaches over the past decade have forced consensus that compliance with security standards does not equate to cybersecurity. Security awareness within the C-suite is required to mitigate cyber-risk. Responsibility to protect brands from cyber threats extend beyond CISOs. CMOs must prepare to defend their brand and company with dynamic tools and strategies to combat almost inevitable cybersecurity events. Avoiding a network breach is a corporations ultimate measure of success, though the supposition that an adversary is already on one’s network is foundational for mitigating cybercrime. When a breach occurs, the exfiltration process is not immediate—a hacker must maneuver, explore, collect information before she has found that which is valuable. Gone are the days of smash and grab cyber burglaries. In today’s increasing punitive cyberspace, cybercriminals have transitioned from burglary to home invasion. Victim organizations are experiencing multiple criminal schemes of monetization. Data is stolen and subsequently the brand is used against her constituency via watering hole attacks and business email compromise campaigns.According to the 2017 Verizon Data Breach Report “Breach timelines continue to paint a rather dismal picture—with time-to-compromise being only seconds, time-to-exfiltration taking days, and times to discovery and containment staying firmly in the months camp. Not surprisingly, fraud detection was the most prominent discovery method, accounting for 85% of all breaches, followed by law enforcement which was seen in 4% of cases.” Given the reality that the cybercriminal has a footprint within ones’ network for an extended period one must alter their security posture accordingly. The metric by which we can assess the potency of a cyber-countermeasure, is how effective it decreases an adversary’s dwell time. Decreasing dwell time is the measurable metric by which we can value a return on investment for an enterprise.Diving down into what decreasing dwell time affords the enterprise requires an examination of what the costs are to the enterprise when exfiltration of their data occurs. The Ponemon Institute diagnosed the relationship between dwell time and the ROI associated with brand protection. The study calculated for 419 U.S. organizations showed that costs of a data breach are in excess of $3.62 million. The average cost for each lost or stolen record is $141. The cost breakdown takes into consideration customer turnover, amplified customer acquisition efforts, and general “reputation losses and diminished goodwill.” The number one factor that impacts the cost is the time it takes to identify and contain a data breach. According to Ponemon, “the relationship between how quickly an organization can identify and contain data breach incidents and financial consequences.” We must realize that there is a significant unquantified loss associated with brand degradation. The more dwell time the adversary has in the environment, the longer it takes to detect and contain a data breach, the more costly it becomes to resolve, and the harder a brand’s reputation is hit. In our ever more connected world, reputational risk has metastasized in 2017. Reputational risk management requires investing in a cybersecurity architecture that maximizes brand protection. On October 26, 2017, Zero Day Con is bringing together global experts to discuss security architectures and strategies for protecting brand reputation. I would challenge us to begin the conversation about safeguarding our brands here today.XXXXX Related content opinion Digital hijacking: My identity is gone Ever wonder why your identity got stolen? Post-Equifax this article highlights a modern security strategy for the credit bureaus. By Tom Kellermann Oct 03, 2017 3 mins Internet opinion Big D: The importance of middle linebackers in cybersecurity Offense informs defense. By Tom Kellermann Aug 29, 2017 2 mins Technology Industry Cloud Security Data and Information Security opinion Crossing the Narrow Sea: mitigating island hopping Your supply chain is being invaded. It's time to discuss how best to manage risk to your supply chain and reputation in 2017. By Tom Kellermann Jul 24, 2017 3 mins Hacking Risk Management Security opinion May 18th: The birthday of the DPO The importance of the European Global Data Protection Regulation and its implications for cybersecurity in America. By Tom Kellermann Jun 06, 2017 2 mins Government IT Technology Industry Data and Information Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe