A range of cybersecurity threats exist in the advertising and media sectors, and it is essential to maintain vigilance while keeping cyber safety messaging simple.
The distribution of spam emails via botnets is making it harder for cybercriminals and nefarious actors to infiltrate organizations, while the advertising industry is ripe for malicious advertising, commonly known as ‘malvertising.’
Malvertising is an attack where perpetrators insert malicious code into legitimate advertising networks and typically redirects users to malicious websites. Malvertising can also execute code that installs malware or adware on the user’s computer and or redirects the user to a very similar real site that is a phishing attack.
A digital ad industry group, the Trustworthy Accountability Group (TAG) recently released a set of guidelines intended to teach ad companies how to scan their content for malware or malvertising. The guidelines help ensure the industry is not distributing malware as it is becoming more apparent that the distribution of ransomware is shifting from email to the web.
Good cybersecurity requires a balance between risk and reward; you address the risk by ensuring that you have security controls in place without damaging the business:
1. Patch applications (Flash, web browsers Microsoft Office, Java and PDF viewers) regularly and use the latest version of applications
2. Patch operating systems (including network devices) frequently and use latest operating system versions
3. Restrict administrative privileges
4. Apply multi-factor authentication, even if you operate virtual private networks (VPN’s)
5. Run, daily backups of important/changed data, software and configuration settings
Adequate cybersecurity controls are a business enabler and something you can market your business on based on your excellent cyber hygiene practices. By reducing the risk, you enable the company to take advantage of the opportunity.
Overall, cybersecurity requires a balanced approach to risk and reward. If you make it impossible to deal with your business, you inhibit the ability to grow the company. As a business, the ad industry must ensure they manage the risk and protect consumer information against a range of cyber threats.
Digital Outdoor Advertising Endpoint Threat Vectors
As digital outdoor advertising (DOA) becomes more affordable and increasingly accessible, it also calls for additional attention due to the vulnerability from external parties gaining control of the content.
Cybercriminals are attracted to high profile targets, and DOA generally occupies popular traffic locations. Such prized advertising mediums are attractive to hackers and guerrilla advertisers who may target DOA sites to spread propaganda. Hackers may also target the sites to distribute illicit content such as hardcore pornography or hate speech.
Some of the critical steps to help safeguard DOA are:
1. Using a password manager for your passwords
2. Using a virtual private network (VPN)
3. Avoid using publicly accessible IP addresses
4. Ensure the DOA site is secure from onsite access threats
5. Do not enable Wi-Fi access for support
6. Have a 24/7 365 days of the year response plan to take the compromised DOA offline
Cross-Industry Collaboration Is Critical
Cybersecurity requires the industry to work together and share best practices to help protect against cyber threats and attacks. Collaboration across the ad industry’s cybersecurity teams promotes diverse expertise as one organization cannot manage every danger alone.
We are no longer in an era where in the past car manufacturers gained a competitive advantage by having the ‘safest car.’ As an industry collectively working together, you are mitigating the risk for the greater good and protecting consumers from malicious ads on websites.
The United, States, Australia and the United Kingdom all have excellent cybersecurity websites that have a common goal of protecting their respective countries national security, critical infrastructure, businesses and citizens from cyber threats and attacks:
Department of Homeland Security (Cybersecurity)
Australian Cyber Security Centre
UK National Cyber Security Centre
Take time to review your respective countries cybersecurity websites regularly for updates and subscribe to alerts where applicable.
Overall, if you adopt these strategies, combined with the principle of safety by design, whereby you only use products and or services that have cybersecurity features built-in from the outset and not as an afterthought. You will be taking steps to secure your company from cybercriminals.