Late last month, cyber crime whacked yet another large brand. On the evening of July 29, Capital One, the nation’s largest issuer of credit cards and the 10th largest bank by assets, issued a statement detailing the hack: a former employee of Amazon Web Services (AWS) allegedly gained access to 100 million Capital One accounts, 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers. Capital One estimates it will cost $100 million-$150 million to recover.
The alleged hacker actually boasted about her conquest on social media, and this led to her arrest the same day. In an effort to bolster trust, Capital One quickly made the breach public. Similar to just about every financial institution, Capital One’s reputation is built on trust.
Unfortunately for Capital One, the situation is complicated. As noted, the hacker is a former AWS employee. AWS and Capital One are tight. The bank was an early AWS investor. More troubling, AWS hosts the bank’s servers, which the hacker compromised. Critics are questioning the ties between AWS and Capital One. Did the hacker’s former job help her hack Capital One?
As usual in high-profile situations, the lawsuits started within hours. One suit alleges Capital One failed to protect its data adequately. Another claims the bank ignored prior warnings that its data was vulnerable.
Capital One and its customers are among the latest victims of cyber crime. The ubiquitous nature of cyber attacks in the digital age means PR pros need to prepare to communicate about these kinds of situations. In fact, some are saying Capital One’s prompt communications could help its case during eventual legal proceedings.
While savvy companies protect their servers against hackers, there seems to be far less concern about brands protecting their social media accounts. It is estimated that 25 percent of social media accounts are hacked annually. And recall that the largest social media player, Facebook, was hacked late in September 2018. More than 50 million Facebook users’ accounts were exposed.
Since so many communicators rely on social media, PRNEWS and partner Proofpoint, an enterprise security company, conducted a snap survey of communicators to gauge their mood about social media safety. The survey was conducted in June and some 120 communicators participated.
Results were mixed. We found few companies seem concerned about the safety of their social media accounts. For example, more than 90 percent of respondents said they handle security of social themselves, foregoing a dedicated security company (see chart 3). About one-third of respondents said it’s too expensive to use an outside firm to protect social channels. Roughly the same number checked the response, “What the heck is social media protection?”
“That more than one-third of respondents don’t even know social protection services exist seems to indicate people don’t see this as a problem,” said Rowan Benecke, chief growth officer at Ruder Finn and former global chair of technology practice at Burson-Marsteller.
Part of the reason could be that the overwhelming majority of respondents said they’ve not encountered a social media breach (see chart 2). The issue there is that cyber crime and hacking are becoming ubiquitous rapidly. Similar to PR crises, the rate of cyber crime is rising to a point where companies need to say it’s if you’ll get hacked, but when. Everything is OK, “until it’s not,” Benecke says.
Related to these issues are the responses on chart 4. Nearly 40 percent of those who monitor their social platforms internally do so manually. The danger there is if, or maybe when, monitoring falls on the priority list of those assigned to manual monitoring. “Social marketers are still too reliant on manual detection,” says Proofpoint marketing manager Roman Tobe.
Accordingly, chart 5 seems to track with chart 4, with “reacting fast enough” (29 percent) receiving nearly one-third of responses to “What’s the most difficult part of social media crisis management?” With manual security, a prompt response is a concern. Another speed-relate issue is found on chart 8. Just 17 percent said an overnight breach would be flagged quickly.
Considering Facebook’s trust issues and that it was hacked in September 2018, there’s little surprise 56 percent see it as the most risky social platform (chart 6).
On a more positive note was the finding that slightly more than half of respondents (55 percent) said their companies have a social media crisis plan (chart 1). Another positive finding is seen in chart 7, where an integrated approach to social crisis response is indicated.
But there are also responses from those who said their company completely lacks a social media crisis plan (chart 9). Most (91 percent) said they could handle a social media crisis on the spot, but plans are too expensive or not necessary. Tobe disagrees. “Social media accounts are invaluable assets,” he said. “The right security measures are needed to protect them from attacks. A proactive approach includes adopting technologies that can prevent an attempted account takeover or block malicious links in content feeds.”
CONTACT: [email protected] [email protected]