As businesses are recovering in a post-lockdown world to focus on generating more profits, cybersecurity, especially within the martech stack, might be something that's easily overlooked, especially for small and medium businesses (SMBs).
Every business, regardless of size, is vulnerable to cyberattacks. If you think your business is "too small" to be of concern, then you're very wrong. In fact, small and medium businesses are most vulnerable to cyberattacks, due to generally weaker cybersecurity, coupled with access to the same data and information bigger companies have.
As with the rest of your digitized operations, your martech stack is not exempted from cyberattacks either – so it's imperative that organizations learn how to secure their martech stacks from cyberattacks.
Cyberattacks on the rise
The world has witnessed a surge in cyberattacks against businesses since the start of the pandemic.
A study by Check Point revealed that cyberattacks on corporate networks per week increased by 50% in 2021 than attacks recorded in 2020. The cybersecurity solution company found that one in every 61 organizations globally are attacked by ransomware every week from 2020 to 2021. Its data also showed that the highest number of cyberattacks per week happened in the 4th quarter of 2021, with 925 attacks per week per organization.
Cybersecurity Ventures predicted that the global cost of cybercrime would grow by 15% yearly. It warned that the annual cost of cybercrime would reach US$10.5 trillion by 2025, up from US$3 trillion in 2015. The company added that the global cost of cybercrime hit US$6 trillion in 2021 and noted that if cybercrime were a nation, it would have been the world’s third-largest economy behind the United States and China.
Your martech stack is not exempt
Like any other technology, your martech stack is vulnerable to cyberattacks since it is also online – and anything online today can be hit by cyberattacks. Attackers are not only targeting computers, but have expanded into targeting smartphones, mobile devices, cars, and many more.
The problem is, these things, in one way or another, are connected to corporate networks. Most of the time, your martech stack contains personal information related to your business, such as your customers, vendors and clients – and these data can be worth a pretty penny to these cyber threat actors.
Recently, a daily newspaper in the United Kingdom reported that the medical and health records of 9.7 million Australians were leaked on the dark web. It happened after the Australian private health insurer refused to pay the US$9.7 million ransom being demanded by cyber attackers.
Securing your martech stack from cyberattacks
Here are three strategies that you can consider when it comes to securing your martech stack from cyber threats.
Assess third-party platforms and tools
Martech platforms may be essential tools for marketers, but they pose many security challenges since they are SaaS (Software as a Service).
Hence, before deciding to use the service of a third-party platform, it is essential to assess the platform's security features thoroughly to determine if you need to implement added security measures.
Also, you could be subject to liability clauses in case a data breach occurs – hence it would be vital to check if the service provider has ISO 27001 certification and international cybersecurity and data protection standards.
Use multi-factor authentication
Most martech tools require users to login to use the service or software. But having a strong password of at least 12 alphanumeric characters isn't enough – it's also important to have multi-factor authentication, or, MFA, when services are accessed.
MFA means having more than one authentication for access, which means requiring the user to authenticate their login through other means such as via sending a code through email or SMS messages (the latter of which is largely unsafe, FYI); using an authenticator app (aka authy) such as Google Authenticator; using biometrics (e.g. retinal, fingerprint or facial scan), or requiring a physical authenticator device such as YubiKey.
Most modern platforms encourage the use of 2FA (two factor authentication) with their own authentication methods embedded inside.
If a service fails to provide at least another layer of authentication, then it's a red flag.
Limit user access
It is a common practice that multiple employees can access a martech platform using a shared login credentials. A good defense from cyberattacks is to allow only a few individuals to have access to the platform.
Another is to have unique login credentials for each user so you can monitor and track who is accessing the platform.
You could also implement controls on what features each user can access – called role-based access. For example, for a media website, writers can upload their drafts on the platform but not have the ability to access anything else, including publishing, editing or deleting pages or drafts based on the role they are given (which is usually the lowest).
It is also advisable to have a master account that can track and control the individual accounts for the various martech tools and platforms.
Prevention is still better than cure
No one is exempted from ransomware or data breaches – one breach in your platform might cost your organization a great deal, not just in money, but in lost trust and confidence from customers.
Therefore, it is always better to prepare for any cyber threats by identifying vulnerabilities and implementing measures that could lessen the likelihood of cyberattackers affecting your platforms.