REPUTATION MORE VALUABLE THAN CASH (ASK SONY)


The recent attack (it seems by Anonymous) on SONY which compromised the personal details of almost 100m of their gaming customers has caused massive damage to the SONY brand.   According to Interbrand in 2009 SONY’s brand value was $12bn.   You can safely assume that it will have taken a hit in the order of billions of dollars.  ( This excludes any legal action and the resultant loss.) 

The same could be said of Epsilon and RSA who like SONY did not have a major financial breach but their good names have been severely compromised.   The loss to brand value as well as enterprise value could be massive due to the loss of future business.    (There is a report circulating citing research done on RSA’s customers of whom more than half stated that they would not be renewing their contracts. )    If not obvious before,  then now,  executives charged with the stewardship of large valuable corporations must realize how fragile that value is when faced with the multitude of challenges;   be they natural (tsunamis/earthquakes) or man-made (criminal / terrorism/fraud) or just good old competition.  

In respect of cybercrimes such as phishing and pharming attacks which can lead to either direct financial loss (draining of bank accounts/ theft of credit card details) or reputational damage (per the above) I contend that the latter constitutes a far greater threat than the former.  ( There are those who would argue that the  value of an email address exceeds that of a credit card number in the parallel world of the cybercriminal.)   In respect of individuals this would be in the form of ID theft where personal credentials are used to commit fraud thereby damaging (perhaps irreparably) that persons reputation.     We have seen from the above examples of just how,  a corporation's reputation can be impacted.   A person or a corporation would much rather that money was stolen than their reputation was damaged;   as the latter is very difficult to rebuild and, if so, invariably takes a long time. 

The need for strong authentication in situations where today simple ‘identification’ is used (such as applications using - user name and password / Single Sign On / OpenID) has become an urgent imperative.   Even then those authentication solutions need to be affordable, usable and effective.    Multi-factor solutions such as OOB tokens, OTP keys and browser-based javascript fingerprinting have relied on the browser, user acumen and ‘security by obscurity’ to function.

I believe we will see a steady trend of individuals and corporations demanding better security in the form of two factor authentication  (as a minimum) from their business partners / suppliers and customers.    We have seen many large corporations fall from grace very quickly for many reasons (Arthur Andersen / Enron / WorldCom / Lehman Brothers / Bear Sterns ).  

No corporation can afford to crash or be severely damaged, because they were hacked,  because they did not take their online security seriously.   

Comments

Post a Comment

Popular posts from this blog

The End of Passwords

Finally it seems … the penny has dropped.   Passwords are a poor substitute for real online security.   There is more and more ‘chatter’ about it.    Robin Henry writing in the Sunday Times on New Years Day talks of the end of ‘password hell’ invoking solutions in the pipeline from the Web Gods – Apple and Google.  The talk is of new biometric solutions such as facial and hand movement recognition.  Even IBM is talking this way.  ( http://www.forbes.com/sites/thestreet/2011/12/20/ibms-tech-predictions-for-the-next-5-years/ )  I agree with the notion that passwords are a dying breed but not that biometrics will become vogue.   They are fraught with problems of their own such as reliability, accuracy and the need for referencing of data-bases ( fail !) .    Why are passwords defunct?   Basically they are difficult to remember and they are easy to steal.    The solutions needed are those that require no cognitive load for the user ( the most unreliable participant in this enterprise
Read more

WIKILEAKS - the fuss?

Why all the fuss ? Why the ‘outrage’ at this ‘threat to national security’ ?   Are we really worried that nuclear war is going to break out because of these ‘dirty’ secrets getting out.  As if the North Koreans are going to up the ante any more than their mock charge of last week because of the abuse and scorn heaped upon them by US Diplomats.  ? !    Come on. To me the irony of this bluster is that it is (largely) from the right wing establishment in the US - calling it treason!     Any party that parades a half wit like Palin as a presidential hopeful hardly holds any moral high ground when it comes to protecting the USA.   Her appointment as the ‘leader of the free World’ will be enough to send any level headed American ( let alone any one of their Allies ) into a panicky tailspin at the thought of what she may stumble into ( by accident or design) . So how did these documents get out there?   Poor security.  Plain and simple.   If the US is so worried about this incident su
Read more

HSBC EMBRACES OLD TECHNOLOGY IN ITS BATTLE AGAINST HACKERS

 If you live in the UK and are somehow involved in the business world and exposed to media you could not help but have noticed the extensive advertising campaign that HSBC has been running on its new (sic) ‘security device’ for online banking - Secure Key.    ( I was tempted to refer to them as  ‘ large UK bank’  - but it is so obvious who it is – no point in pretending. ) A lot of money has been thrown at this campaign – I would guess millions.  ( http://www.youtube.com/watch?v=Jx0Z5CiQMIw )   Full page spreads in large circulation newspapers cost big bucks not to mention prime time TV slots.   So here you have the worlds largest retail bank splashing millions on advertising and even more on a ‘cool’ little device that looks like a mini-calculator  - but basically a technology that has been around for about a decade.   This will be rolled out to 4m retail customers worldwide at a reported cost of up to £50 per pop! ( http://www.bankingtech.com/bankingtech/article.do?articleid=200002
Read more