The attack on brand reputation and public trust through cybercrime
In the recent cyberattack targeting Vodafone on February 7, the telecommunications company’s services were disrupted, including some emergency services in Portugal, such as ambulances and fire response teams.
However, the impact of this attack extended well beyond the temporary disruption of critical services: propaganda and disinformation spread due to the growing polarization of the geopolitical environment in this time of cyberattacks and of public unrest. Vodafone is one of the private sector’s latest victims of the damaging reputational impact of cybercrime – and it won’t be the last.
The growing sophistication of cyberattacks continues to cripple governments, businesses and critical services, with no end in sight. In addition to public anxiety over heightened tensions between countries, cybercriminals have a chilling opportunity to disrupt the reputations of private critical infrastructure companies, undermine public trust and spread dangerous propaganda narratives.
People are talking
In the week after Vodafone’s breach, conversations related to the company’s cyberattack skyrocketed online. A quick, real-time snapshot of digital public conversation related to Vodafone Portugal showed that almost 13,000 conversations reaching an audience of over 13 million users instantly produced a complex and critical debate about Vodafone. In the resulting digital sphere related to the affected business, three out of five conversations related to Vodafone and the cyberattack mentioned the resulting attack or service outage. This is where IO hybrids are most barbed – the reputational impact and discord generated as a result of the digital conversation can often be more damaging than the incident itself.
Although large areas of online conversation consisted of expected topics following a cyberattack – such as Vodafone employees informing individuals of the service failure and/or promoting other corporate messages ( 17.8%) – other vulnerable narratives quickly emerged. Critical comments and conversations included customers complaining about service interruption and, in some cases, demanding financial compensation (10.3%), and citizens accusing Vodafone Portugal and its CEO (8%). Unfortunately, the third largest community of users was made up of citizens questioning the cyberattack and associating it with an alleged attempted terrorist attack at a university in Lisbon (8%). Others included mocking Vodafone (5.1%), while some users were concerned and feared the potential for additional attacks (3.6%).
In the case of Vodafone, the cyber incident has created negative and often false socio-political perceptions and skepticism in Portugal, heightening and aggravating a geopolitical risk that is often the focus of state threat actors. As tensions and fighting between Russia and Ukraine continue to rise, the number of carefully targeted cyberattacks aimed at creating confusion, hampering communications and disrupting public trust in key institutions will also increase.
The threats against Portugal and Ukraine are a foreshadowing of what is likely to emerge in other Western countries over time. In late February, the FBI signaled that US private sector companies should be prepared for state-sponsored cyberattacks by Russia.
The strategy behind cybersecurity attacks continues to evolve – in recent years Russia has used “hybrid warfare” by combining cyberattacks with military activity. The Russian military also continues to use information operations and information confrontation to create doubt and skepticism about the truth. Now, with the ongoing Russian invasion of Ukraine, the implications of cybercrime during times of global and local crisis put private and public sector organizations at risk against threat actors who will take advantage of this period of weakness, of paranoia, public skepticism and fear.
On February 23, hundreds of Ukrainian computers were the target of a data erasure software attack that affected a government agency as well as a financial institution. The attack spread outside the country. Although Russia is primarily blamed as the entity behind the cyberattack, any threat actor could take advantage of this time of confusion and uncertainty to execute attacks for financial or political gain.
Private companies, especially those that provide critical services, must strategically prioritize responses and defenses against cyber threats. The key to successful defense includes the continuous detection of threats to employees that are tied to critical infrastructure in industries such as energy, telecommunications, healthcare, and financial services, among others. These industries and their employees are consistently identified as high-value targets in hybrid cyber warfare operations.
How can we fully prepare for these attacks?
Responsiveness is simply not enough. To fully prepare for possible attacks and identify unknown vulnerabilities, organizations need to implement real-time monitoring of these reputational risks, including before and after cyberattacks. As we anticipate possible threats to the United States and other countries in 2022, the assessment of the resulting reputational damage and security risks, as well as the propaganda effect of the attack, will be an important element in informing an effective and data-driven threat. response strategy.