Cybersecurity is no longer a topic reserved for technology enthusiasts and experts. Today, cyber-attacks make mainstream media headlines. Every cyber-attack affects the company’s image and therefore the trust placed in it. Beyond the damage to its image, a cyber-attack can carry heavy financial consequences, as we experienced this summer during the WannaCry and NotPetya attacks, which generated billions of euros in losses for companies.
To avoid these costly consequences, companies are clearly concentrating on securing their critical IT infrastructures, but cyber-attacks do not only target network vulnerabilities, datacentres and workstations. Users, whether internal or external to the organisation, are a prime target. Attackers usurp the identity of the targeted organisation to trick its users and carry out their misdeeds.
The Company’s Digital Presence: A New Risk Factor
In recent years, companies’ digital transformation has been characterised mainly by the exponential development of external communication via digital channels; means of communication have multiplied and become the privileged vectors of exchange and interaction, revolutionising the customer relationship and exchanges with partners. To remain close to clients and partners, companies promote the use of digital communication via:
- Instant Messaging
- Institutional websites and Web applications
- Mobile applications
- Social networks
These media are the company’s showcase, allowing it to present itself and to project its brand image through its own visual identity, wording and messaging. They personify the company and therefore refer directly to its perceived value. In addition, digitalisation has made it possible to largely replace the physical relationship with digital services, accessible at any time and anywhere in the world, through which the company gives access to its community as well as its products and services, enabling ever faster, simpler and more personalised interactions with users.
This heightened digital presence has enabled companies to develop their communication and the accessibility of their services, using digital channels to represent the company directly and carry its brand image. But there is a flip side to the coin: this digital ubiquity increases the opportunities for attackers to usurp the company’s identity for malicious purposes.
Damaged Brand Image: the cyber-attack’s collateral damage
During a cyber-attack using spoofing of the company’s identity as a vector, the attackers’ intentions can be varied:
Some attacks aim directly to undermine the company’s credibility, to make the company appear incompetent, or to show the malicious group’s superiority imposing its antagonistic ideology:
Over the last few years, there have been cases of website defacement where the content of the pages was changed to transmit false information and mock businesses in order to harm their image. In 2015, Lenovo paid the price when the “hacktivist” group Lizard Squad attacked its website, redirecting visitors to photos of the attack’s protagonists. Attackers can also publish false information on a social network after stealing the Community Manager’s credentials. One defining moment of 2017 in France was the hijacking of the Ministry of Culture’s Twitter account by a prankster posting a series of abusive tweets. For the companies affected by these attacks, the financial consequences are as expected: following these events and announcements, the repercussions on sales and stock market value are always accompanied by a heavy impact on brand image.
In other cases, the attackers hijack the company’s identity in order to steal money. Here, the attackers pass themselves off as the company in order to commit frauds aimed directly at tricking users:
- “President scams” are steadily increasing and allow attackers to divert large sums of money by misleading employees in finance into believing they must execute an urgent transfer on behalf of a company director. In France, the total damage caused by this fraud is estimated at more than 400 million euros per annum.
- Corporate employees are also the target of phishing campaigns, which can trigger a malicious payload contained in an attachment or a link in a seemingly familiar email. The goal may be to deploy a CryptoLocker-type ransomware and demand a ransom, or to gain a gateway into the organisation’s information system.
- Companies are also affected indirectly when phishing campaigns use their domain name to send fake emails to customers asking them to update their bank details or other personal data that may have value.
- The latest method for collecting client data is fake mobile apps that imitate a legitimate application’s logo and interface but act as spyware once installed on the user’s smartphone. For example, a fake WhatsApp application bundling malware was downloaded more than 1 million times from the Google Play store in October 2017.
In a digital world where customer confidence, increasingly sensitive to cyber subjects, is easily lost, protecting brand image has become a major issue for businesses, alongside protecting their IT infrastructure and data. But what are the best practices to put into place to limit these risks of usurpation?
Dedicated Solutions and Organised Monitoring for better protection
Protecting a company’s brand image necessarily involves protecting its digital communication channels. Depending on the type of channel, different actions can be taken:
- Website names, email addresses and social network accounts similar to those of the company need to be monitored. This practice is recommended by the ANSSI (French Information Security Agency) to combat brand usurpation, as is the monitoring of the “Dark App Store” offering users pirated and potentially malicious versions of enterprise mobile applications.
- Carrying out regular audits and vulnerability scans on institutional sites and mobile applications allows the identification of vulnerabilities that could provide entry points during a cyber-attack. The necessary corrective measures can then be implemented to secure these media, especially against defacement.
- Implementing multi-factor authentication for email and social network administrator accounts reduces the risk of account takeover through stolen credentials alone. This greatly limits the risk of malicious content being published or shared, or of theft of sensitive data accessible via mailboxes, as was the case in 2017 for the firm Deloitte. In that incident, more than 5 million e‑mails containing sensitive exchanges with customers were stolen following the theft of one administrator’s credentials.
- Activating protections such as the SPF, DKIM and DMARC protocols can prevent the spoofing of company email addresses. These protocols protect the company’s domain names by declaring the IP addresses legitimate for sending email and by adding signatures to messages so that receivers can verify them. Together, they ensure that the company’s domain name cannot be used from an undeclared server.
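The SPF and DMARC records mentioned above are published as DNS TXT records, and a common weakness is a record that exists but is too permissive to block anything (SPF ending in `+all`, `?all` or `~all`, or DMARC with `p=none`). The following checker is an added example, not code from the original article or from the ANSSI: it parses SPF and DMARC records and reports such weak settings. The `SAMPLE_TXT` dictionary is a constructed stand-in for a DNS lookup (the domain names and the 192.0.2.x address are reserved documentation values), so the script runs offline; DKIM is not assessed here because verifying it requires a signed message and the selector's public key. Note that publishing a strict policy only has effect where the receiving mail server actually enforces it.

```python
"""Offline checker for SPF and DMARC TXT records: reports settings that leave a
domain open to spoofing. Added example; replace SAMPLE_TXT with a real resolver."""

# Constructed sample records (RFC 2606 / RFC 5737 reserved names and addresses).
SAMPLE_TXT = {
    "weak.example": ["v=spf1 a mx ?all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none; rua=mailto:reports@weak.example"],
    "strong.example": ["v=spf1 ip4:192.0.2.10 include:_spf.mail.example -all"],
    "_dmarc.strong.example": [
        "v=DMARC1; p=reject; rua=mailto:reports@strong.example; adkim=s; aspf=s"
    ],
    "nomail.example": [],  # domain with no TXT records at all
}

SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
SPF_LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}


def parse_spf(record):
    """Split an SPF record into (result, mechanism) pairs; None if it is not SPF."""
    terms = record.split()
    if terms[:1] != ["v=spf1"]:
        return None
    parsed = []
    for term in terms[1:]:
        if "=" in term:  # modifiers such as redirect= or exp=
            parsed.append(("modifier", term))
            continue
        qualifier = "+"  # an unqualified mechanism means "pass"
        if term[0] in SPF_QUALIFIERS:
            qualifier, term = term[0], term[1:]
        parsed.append((SPF_QUALIFIERS[qualifier], term))
    return parsed


def assess_spf(records):
    """Return a list of findings for the SPF records of one domain."""
    spf = [r for r in records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record: any server can claim to send for this domain"]
    findings = []
    if len(spf) > 1:
        findings.append("multiple SPF records: receivers treat this as a permanent error")
    terms = parse_spf(spf[0])
    all_results = [result for result, mech in terms if mech == "all"]
    if not all_results:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    elif all_results[-1] in ("pass", "neutral"):
        findings.append(f"'{all_results[-1]}' for 'all': unlisted senders are not rejected")
    elif all_results[-1] == "softfail":
        findings.append("'~all' softfail: spoofed mail is only flagged, not rejected")
    # SPF evaluation is limited to 10 DNS-lookup terms; more yields a permerror.
    lookups = sum(
        1 for _, mech in terms
        if mech.split(":")[0] in SPF_LOOKUP_MECHANISMS or mech.startswith("redirect=")
    )
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms: exceeds the limit of 10")
    return findings


def parse_dmarc(record):
    """Parse 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(records):
    """Return a list of findings for the DMARC record of one domain."""
    dmarc = [r for r in records if r.strip().upper().startswith("V=DMARC1")]
    if not dmarc:
        return ["no DMARC record: receivers have no policy for mail failing SPF/DKIM"]
    tags = parse_dmarc(dmarc[0])
    findings = []
    policy = tags.get("p", "")
    if policy == "none":
        findings.append("p=none: failing mail is still delivered (monitoring only)")
    elif policy == "quarantine":
        findings.append("p=quarantine: failing mail goes to spam instead of being rejected")
    elif policy != "reject":
        findings.append(f"invalid or missing policy tag p={policy!r}")
    if "rua" not in tags:
        findings.append("no rua: aggregate reports on spoofing attempts are not collected")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy applied to only part of the mail flow")
    if tags.get("sp") == "none":
        findings.append("sp=none: subdomains are left unprotected")
    return findings


def assess_domain(domain, txt_lookup=SAMPLE_TXT.get):
    """Assess one domain; txt_lookup(name) returns that name's TXT records or None."""
    return {
        "spf": assess_spf(txt_lookup(domain) or []),
        "dmarc": assess_dmarc(txt_lookup("_dmarc." + domain) or []),
    }


if __name__ == "__main__":
    for name in ("weak.example", "strong.example", "nomail.example"):
        print(name, assess_domain(name))
```

To run it against live DNS, pass a `txt_lookup` callable that resolves TXT records (for instance one built on a DNS client library) instead of the default `SAMPLE_TXT.get`; the assessment logic is unchanged.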
Since digitalisation has increased the exposure of corporate identities, cyber-attackers and hacktivists take advantage of it to attack companies and their ecosystem by posing as the company. In all these attacks and frauds, the attacker uses more or less sophisticated means to usurp the company’s identity in order to attack and weaken it. A damaged brand image, in the eyes of customers but also of the general public, can cause financial losses of millions of euros, on top of the huge losses generated by an attack that cripples the company’s information system.
The protection of companies’ digital identity, in whatever form, needs to be addressed so that they can defend themselves against the frequent and costly usurpation of which they are victims.