By Remi Roques, GM Broadsign APAC.
In February of 2021, a DOOH-network in Zurich was hacked, with the hijackers putting pornographic content up on the screens. And just recently, an Outdoor billboard in North Carolina was hacked, this time made to display Joe Biden memes.
These incidents are representative of an unexpected trend of the COVID-19 pandemic: A sharp increase in cybercrime, including in the digital out-of-home space.
According to PurpleSec, cybercrime is up by 600% since the beginning of the pandemic, and this elevated level of criminal activity is expected to continue even as pandemic recovery picks up steam.
This means that now more than ever, it’s important for both media owners and advertisers - across every advertising platform - to be proactive in protecting their brands from cyber threats. Exposing the value of a brand to weak security is simply not worth the risk.
In advertising, including Digital Out-of-Home there are some critical elements of business that are at stake when dealing with cybersecurity considerations.
One of the most serious - and visible - risks relates to the display of incorrect, inappropriate, or damaging advertising content. This can have a devastating impact on advertisers, agencies, and media owners, and should be treated as a priority consideration. Hacking incidents involving the display of improper content have a tendency to go viral online, giving media owner and buyer alike attention for all the wrong reasons.
Other types of information that can potentially be compromised by lax security include:
- Campaign budgets
- Advertising spend
- Upcoming campaign creative executions
- Campaign performance reporting
If outsiders got access to this type of information, the effect would jeopardise a company’s reputation as well as have a negative impact on its overall competitiveness. Leading media owners understand this, and make sure that security is a top-ranked requirement within their business operations.
But what kinds of cyberattacks, exactly, do media owners and advertisers need to prepare for? Here are the six most common.
- Malware - Computer programs that are designed to damage or perform unwanted activity on a computer; common examples include viruses, worms, trojan horses, spyware, and ransomware.
- Phishing - Phony emails, phone calls, and other trickery meant to harvest sensitive personal information, steal money, or install malware on the victim’s devices.
- Password attacks - These involve a third party trying to gain access to your systems by cracking a user’s password.
- Denial of service attacks - Attacks involving high volumes of data or traffic sent through a network until the network becomes overloaded and can no longer function.
- Man in the middle (MITM) - This is where information is obtained from the end user and the entity the user is communicating with by impersonating the endpoints in an online information exchange (for example, a connection from a smartphone or website).
- Drive-by downloads - Involves a program automatically downloading to a user’s system just from them visiting a site that hosts the malware. It doesn’t require any type of action by the user to trigger the download.
So, knowing what we’re up against, what are some of the things we can do to ensure good information security practices in advertising?
The first and most important thing to note is that when it comes to information security controls, people are the weakest link. Staff often take cybersecurity a little too lightly and forget how important it is to do even the most basic things, like using unique, secure passwords for every separate login. In web-based platforms, weak and duplicated passwords can make it easier for hackers to access information systems. And if people don’t bother to even use secure passwords, you can expect they’ll fall for some of the sneakier tricks I mentioned above.
This is why conducting regular awareness training with your staff is one of the best first steps towards keeping your software and services secure from trouble. It can also be useful to distribute permissions to different members of your team in order to minimize the impact of a single security breach. For example, one employee can be granted access rights to book media in an information system, while another employee holds the access for reviewing and approving the campaign designs.
There are many other security measures that are also worthwhile, but one key element is to work with software suppliers who themselves have proper security standards as demonstrated by independent auditing. For example, in order to help advertisers manage their information security, Broadsign took the step of being verified for the SOC 2 certification.This is an auditing procedure that ensures our clients’ data is securely managed to protect their interests and privacy. We are also in the process of securing our ISO 27001, an international certification for information security.