The Role Of Marketing In Cybersecurity
Marketing has evolved tremendously since I started my career. Marketers are now consuming more than their fair share of technology solutions, and their departments have become technology factories, increasingly depending on various applications to help automate, measure and analyze marketing functions. And with the introduction of new technologies, marketers are creating an avenue that makes them an attractive target for hackers.
This begs the question: How has marketing’s role shifted over time? I discussed this briefly with Forbes contributor Kimberly Whitler back in June and thought it was worth a revisit, especially as we look to the new year and the ways in which hackers will continue to evolve their tactics.
The Three Roles Of Marketing In Cybersecurity
Marketing can play three roles in a company’s cybersecurity posture, either by being a target for hackers, a risk for enterprises or, on the opposite end, an advocate and champion for cybersecurity awareness.
1. Marketing As The Target
Security experts are quick to point out that marketers make a particularly easy target for hackers looking to compromise a company’s cybersecurity program or to steal some lucrative data, as one of our recent surveys found out. After all, marketers are more accessible by trade and tend to have a larger presence on social media sites like LinkedIn and Twitter, sharing more personal information than many of their counterparts in an organization. This proliferation of information can be an easy exploit for hackers looking to social engineer their way inside a company.
Marketers also tend to work with a lot of outside vendors and partners, requiring the exchange of sensitive data across different applications, many times outside of IT’s purview. Social engineers use this to their advantage, sending malicious invoices or forms via email attachments that will easily inject malware into a marketer’s computer if the user doesn’t recognize the file to be unsafe. And regardless how aware marketers may be about cybersecurity, they will eventually fall into these traps.
2. Marketing As The Risk Factor
The marketing technology map today is dizzying, and the increase in technology solutions can expose companies to a great deal of risk. With the pressure on marketing teams to do more with less and to demonstrate program ROI, marketers are eager for new technology solutions to optimize their campaigns and to work more efficiently and effectively. But these solutions are not without risk. It is critical that the marketing organization understands the importance of working with IT on security protocols when introducing new technology to the organization for the security of the overall business.
As CMO, part of my job is to make sure we are not creating more risk for the company, especially as the marketing organization goes through its own digital transformation. Just like we partner with the sales organization, we also partner with IT to make sure we are reducing — and not introducing or adding — risk to the organization. This is why we work with our internal CISO’s security council before acquiring and using any software or services, train our team regularly on the inherent security risks and provide checks and balances for each other when we are running fast.
3. Marketing As The Champion
Marketers can resign themselves to being targets or risk factors, or they can become champions of the CISO’s office. Creating a culture of cybersecurity in an organization requires the talent of a marketing department that, campaign after campaign, will reiterate the importance of security training, good password hygiene, physical security enforcement, social engineering awareness and so on. It may be an odd concept to team up the CISO and CMO teams together, but in our company, whose sole focus is security and where both the CIO and CISO are key participants in our marketing strategy and tactics, it has become a very natural thing. Our marketers pride themselves on avoiding social engineering traps and complying with security technology council rules. These marketing employees are the best megaphones a CISO can find to recruit more champions or — as we call them at SailPoint — “security heroes” in the organization.
The Bottom Line
Today, marketing is still perceived as a risk in an organization’s security posture, and marketers have become accustomed to being tagged as potential targets. But I believe it is time for us marketers to rethink the way we approach cybersecurity and to work in concert, not tangentially, with IT. This means embedding security into everything that marketing does and becoming real stewards of company data, leading the rest of the company to follow suit.
This article originally appeared on Forbes.com.