Changes in the Cybersecurity Landscape Impacting Communications Professionals

It’s hard to overstate how much the cybersecurity landscape has shifted over the last 5 years. For everything from malware threats to defensive technologies, the pace of change has been incredible. This has created communications challenges for both companies selling cybersecurity solutions (why it matters) and for the organizations that need to inform customers and stakeholders when they’ve been breached (including raising the urgency of these communications). Let’s quickly look at some of the changes impacting this market and what comms professionals can do to help.

COVID and the Shift to a Hybrid Workforce
Remember 2 years ago when we went to offices, all of us, largely every day? We hung out around the coffee maker in the mornings catching up the events of the weekend or what’s to come in the day’s meetings. We met in person in conference rooms. We did desk “drive-bys.” And then 2020 came and we all went home. Of course, even before the lockdowns, we sometimes logged on from home when we had a tight deadline or a sick kid, but for the most part, we “worked” at “work.” Now, we “work” at “home” – or in a coffee shop, flexible shared workspace, lobby of a car repair shop… you get the idea.

Today, the concept of “securing the hybrid workplace” is as commonplace as “securing the perimeter” once was. This means organizations from SMBs all the way up to large enterprises are now tasked with not only securing their local networks and endpoints, but employee’s home networks and personal devices as well.

Growth in Cloud/IoT
Along with this new hybrid workforce there has been a shift to the Cloud over the last 5 years along with substantial growth in IoT. According to analyst firm, IDC, the IoT sector reached $100 billion in market revenue in 2017 and is expected to reach around $1.6 trillion by 2025. This means the attack vectors are endless – phones, tablets or other devices logging on to companies’ networks, refrigerators that talk to the grocery store, smart factories, connected medical devices, gas pipelines, satellites in space, the list goes on. When a power grid is hacked and the lights go off, every person in that area knows it – and feels it.

Cybersecurity Becomes a Geopolitical Issue
Cyber attacks are now a geopolitical issue and becoming a critical element of modern warfare. As of this writing, while the Ukraine crisis hasn’t led to the broad cyber warfare that many expected, there is no doubt about the cyber capabilities of state actors like Russia or their willingness to use them. It’s commonly accepted that Russia and Ukraine are directly attacking each other in cyberspace, but the risk of potential spillover to other countries – either intentionally in retaliation to sanctions or accidentally – is high (and probably already happening). The NotPetya malware is a perfect example of what this might look like when a cyberattack goes beyond its intended targets.

Ransomware has taken the world by storm – or is it by “worm”
The first ransomware to truly have a global impact was WannaCry in 2017 which affected an estimated 200,000 computers across 150 countries. Since then, instances of ransomware have gotten bigger and bolder, highlighting the threats to software supply chains (SolarWinds, Kaseya) and to critical infrastructure (Colonial Pipeline, Universal Health Services). And now, the tools to conduct ransomware attacks are available to even unsophisticated criminals thanks to “ransomware-as-a-service” schemes.

What do all these changes in the cybersecurity landscape mean for companies and consumers? This increased attack surface, the heightened threat level, and the broad scope of attacks – they all mean the greater population will be affected at some point. Whether that’s seeing a computer screen flashing a ransom note, kids’ schools being shut down due to an attack that came in from a teacher’s home laptop, a parent being unable to receive medical care because the hospital has been locked out of its medical records, or an entire city being without clean water or electricity.

We as PR and marketing teams need to highlight this through our communications efforts. This includes (but is not limited to):

• Elevating relevant security messaging and best practices as often as we can by simplifying the value proposition.
• Raising awareness and building consumer trust by targeting a broad set of applicable outlets (not because it’s our job, but because it impacts us all).
• Building up experts as thought leaders and making them feel accessible and relevant (humanizing security and creating open dialog).
• Shifting away from a product-first mentality to a problem-first mentality. We’re here to help clients solve security challenges for customers. We need to lead with solutions before features and speeds and feeds. Yes, we want to help sell products, but building trust is step one.
• Validating our messages and stories with data. With so much misinformation in the world, presenting and citing data properly to back up claims is critical to building trust.
• Increasing creativity. There is so much security information being pumped toward customers, it’s crucial that we work with clients to rise above the noise and infuse some creativity into our approaches and messages.
• And finally, we need to stay on top of the latest trends and breaking news so we can ensure our clients are relevant to the breaking news cycle. This means a true investment from PR pros to understand the current security ecosystem and events impacting it.

Instead of waiting for a Black Unicorn to gallop in and save the day, we should continue to learn from each other with best-practices in hopes that we can create more concise stories that have a broader impact on the market.