The Year of the Breach

Dave Lewis
Oct. 26, 2011 by Dave Lewis

One of the main topics for discussion at last week’s OTA Forum in Washington D.C. was the rash of security breaches targeting ESPs over the past year. We heard a lot, from concerned brands and service providers on the nature of the threats and the measures they can take, to representatives of government on breach reporting and other regulatory remedies. I’m sure this will be a major topic of discussion at MAAWG this week in Paris as well.

Some industry organizations, such as the OTA and ESPC, have issued best practice guidelines to help enterprises and ESPs better protect their systems and data assets. And ESPs have begun to put competitive differences aside in comparing notes on common threats and challenges. Notable too is the consumer education initiative, “Why Your Browser Matters,” launched last month by the major browser providers (Google, Microsoft, Mozilla and Opera) and supported by various industry groups and major brands.

Yet, despite these positive indicators, I believe any casual observer of our industry would conclude that our response to this ‘clear and present danger’ has been uneven, fragmented at best. There’s been much alarmist talk, hand wringing and chest thumping, but little definitive action. As marketers, we persist in the belief that security is someone else’s problem and seem content to bury our heads in the sand, hoping against hope that the bad guys will pass us by.

To me, this is lunacy. When you examine the nature of the threat posed by spear phishing and its ramifications for our trust relationships, I think you’ll conclude as I have that this is a survival issue for our discipline and medium, regardless of where we fit in the ecosystem. Marketers must become the biggest proponents of security and its most vocal champions.

And this brings me to the point of this post. Ever since the Epsilon breach earlier this year, there’s been much lively discussion within the marketing community on the best way forward to more secure messaging. My friend Dela Quist from Alchemy Worx has proposed a tsunami warning system or a ‘threat clearinghouse’ through which all members of the community would openly share news of breaches or suspected malicious activity. While such a system is definitely needed, realistically I’m not convinced the infrastructure is in place to quickly get a functioning system into place.

What I do think we can do in the near term, however, is to raise awareness in the industry, help it shake off the collective complacency and rally it to action. Because the reality is that the bad guys won’t pass us by if we’ve got the data they want or can provide access to someone who does. These guys are smart; they know how the email and online marketing ecosystems work. Heck, they’re using our own tactics against us. They prosper at our expense and thrive on our inaction and fragmented response.

Toward this end, Message Systems has just issued a new white paper on how enterprises and ESPs can safeguard their message streams from a technology standpoint. We know that security isn’t just a technology issue, but believe that the ‘right’ messaging technology framework is required to make best use of the guidelines issued by the OTA, ESPC and others. What we’ve tried to do in this paper is repurpose what we’ve learned in helping ISPs and carriers counter similar threats to the challenges now facing enterprises and ESPs. Our motivation is to spark industry dialogue on how to best respond to the threat we collectively face.

So I’d encourage you to read the white paper: Safeguarding Message Streams for Enterprises and Email Service Providers. And let’s keep the discussion going. We’d love to hear from you in the comments. Where do you think we need to go from here? We can’t change the reality of 2011 being the ‘Year of the Breach.’ But what we can do is make 2012 the ‘Year of Safe & Secure Messaging.’
