Connect with us

Strategies

10 Security misperceptions that need to be addressed immediately

The list is based on the experience of Sophos Rapid Response, a team of expert incident responders who deliver fast assistance in identifying and neutralizing active threats such as malware infections, compromised data, or unauthorized access, among others.

Published

on

Photo by Mimi Thian from Unsplash.com

With June marking National ICT Month in the Philippines and the Department of Information and Communications Technology (DICT) adopting the CHIP (Connect, Harness, Innovate, and Protect) framework for digital transformation and underscoring the value of protection,  Sophos compiled   a guide for Filipino businesses so they can avoid  today’s most commonly held security misperceptions.

The list is based on the experience of Sophos Rapid Response, a team of expert incident responders who deliver fast assistance in identifying and neutralizing active threats such as malware infections, compromised data, or unauthorized access, among others.

Misperception 1: We are not a target. We are too small or have no assets of value to an adversary 

Sophos Advice: Many cyberattack victims assume they are too small, in a sector of no interest, or lacking the kind of lucrative assets that would attract an adversary. The truth is, it doesn’t matter. If you have the processing power and a digital presence, you are a target. Despite the media headlines, most attacks are not perpetrated by advanced nation-state attackers. They are launched by opportunists looking for easy prey and low-hanging fruit, such as organizations with security gaps, errors, or misconfigurations that cybercriminals can easily exploit. 

Misperception 2: We don’t need advanced security technologies installed everywhere 

Sophos Advice: Some IT teams still believe that endpoint security software is enough to stop all threats or don’t need security for their servers. Attackers take full advantage of such assumptions. Any mistakes in configuration, patching, or protection make servers a primary target, not a secondary one, as might have been the case in the past.

Based on the incidents that Sophos Rapid Response has investigated, servers are now the number one target for attacks. Attackers can easily find a direct route using stolen access credentials.  Suppose your organization relies only on basic security without more advanced and integrated tools such as behavioral and AI-based detection and a 24/7 human-led security operations center. In that case, intruders will likely find their way past your defenses.

Misperception 3: We have robust security policies in place 

Sophos Advice:  Having security policies for applications and users is critical. However, they need  to be checked and updated constantly as new features and functionality are added to devices connected to the network. Verify and test policies using techniques such as penetration testing, tabletop exercises, and trial runs of disaster recovery plans. 

Misperception 4: Remote Desktop Protocol (RDP) servers can be protected from attackers by changing the ports they are on and introducing multi-factor authentication (MFA) 

Sophos Advice: The standard port used for RDP services is 3389, so most attackers will scan this port to find open remote access servers. However, the scanning will identify any available services, so changing ports offers little or no protection on its own. 

Further, while introducing multi-factor authentication is essential, it won’t enhance security unless all employees and devices enforce it. RDP activity should occur within the protective boundary of a virtual private network (VPN). Still, even that cannot fully protect an organization if the attackers already have a foothold in a network. Ideally, unless its use is essential, IT security should limit or disable RDP internally and externally.

Misperception 5: Blocking IP addresses from high-risk regions such as Russia, China, and North Korea protects us against attacks from those geographies 

Sophos Advice:  Blocking IPs from specific regions is unlikely to do any harm, but it could give a false sense of security if it’s the sole means of protection. Adversaries host their malicious infrastructure in many countries, with hotspots in the US, the Netherlands, and the rest of Europe. 

Misperception 6: Our backups provide immunity from the impact of ransomware 

Sophos Advice: Keeping up-to-date backups of documents is business-critical. However, if your backups are connected to the network, then they are within reach of attackers and vulnerable to being encrypted, deleted, or disabled in a ransomware attack. 

Storing backups in the cloud also needs to be done with care. The standard formula for secure backups to restore data and systems after a ransomware attack is 3:2:1. Three copies of everything, using two different systems, one of which is offline. 

Having offline backups in place won’t protect your information from extortion-based ransomware attacks, where the criminals steal and threaten to publish your data instead of or as well as encrypting it. 

Misperception 7: Our employees understand security 

Sophos Advice: According to the State of Ransomware 2021, 22% of organizations believe they’ll be hit by ransomware in the next 12 months because it’s hard to stop end users from compromising security. 

Social engineering tactics like phishing emails are becoming harder to spot. Messages are often hand-crafted, accurately written, persuasive, and carefully targeted. Your employees need to know how to spot suspicious messages and what to do when they receive one. Who do they notify so that other employees can be alerted? 

Misperception 8: Incident response teams can recover my data after a ransomware attack

Sophos Advice: This is very unlikely. Attackers today make far fewer mistakes, and the encryption process has improved, so relying on responders to find a loophole that can undo the damage is extremely rare. Automatic backups like Windows Volume Shadow Copies are also deleted by most modern ransomware and overwriting the original data stored on disk, making recovery impossible other than paying the ransom. 

Misperception 9: Paying the ransom will get our data back after a ransomware attack 

Sophos Advice: According to the State of Ransomware survey 2021, an organization that pays the ransom recovers on average around two-thirds (65%) of its data.  A mere 8% got back all of their data, and 29% recovered less than half. Paying the ransom even when it seems easier and covered by your cyber-insurance policy is therefore not a straightforward solution to getting your data back. 

Misperception 10: The release of ransomware is the whole attack – if we survive that we’re OK 

Sophos Advice: Unfortunately, this is rarely the case. Ransomware is just the point where the attackers want you to realize they are there and what they have done. 

The adversaries are likely to have been in your network for days if not weeks before releasing the ransomware, exploring, disabling, or deleting backups, finding the machines with high-value information or applications to target for encryption, removing information, and installing additional payloads such as backdoors. Maintaining a presence in the victim’s networks allows attackers to launch a second attack if they want to. 

Strategies

Think before you design your brand’s logo: Marketers can capitalize on power of perception to influence beliefs about brand performance

Brands may want to consider using design elements that encourage structured/unstructured perceptions of logos, products, product packaging, and retail store design if their brand is primarily associated with utilitarian/hedonic benefits.

Published

on

Researchers from Oklahoma State University and University of Florida published a new Journal of Marketing article explaining how marketers can capitalize on the power of perception through the structure of visual communications to influence beliefs about brand performance, which ultimately influences product interest and choice.

The study, forthcoming in the Journal of Marketing, is titled “Marketing by Design: The Influence of Perceptual Structure on Brand Performance” and is authored by Felipe M. Affonso and Chris Janiszewski.

Brands are constantly updating their visual identities. Intel recently went through its third visual brand identity refresh in half a century and its new logo has iconic symmetry, balance, and proportion. The underlying geometry is apparent in the design. Could visual design characteristics influence consumers’ perceptions about the brand?

This new study finds that a sense of order and structure can reinforce claims about a brand’s utilitarian benefits. Intel’s visual marketing not only communicates the company’s vision and positioning, but also reinforces them through specific design properties. The researchers identify a variety of design properties that can influence perceptions of structure in visual elements, including symmetry, balance, geometry, regularity, proximity, and similarity.

It is well known that customers are subliminally influenced by visual marketing tools such as logos, packages, and retail displays; they use them as a basis to make judgments about brands delivering on their promise. We find that for brands that promise utilitarian (functional, instrumental, and useful) benefits, consumers are encouraged by visual designs perceived as more orderly and structured. This suggests marketers can capitalize on the power of perception to influence beliefs about brand performance, which ultimately influences product interest and choice.

Utilitarian vs. Hedonic Brands

At the other end of the spectrum are brands, such as Pepsi, which promise benefits related to enjoyment, pleasure, and experiences—collectively referred to as hedonic benefits. In this case, marketers can benefit from using visual design properties that convey lack of structure. The visual elements of Pepsi’s marketing communications are relatively more asymmetric, free-flowing, unbalanced, and irregular. The research suggests that these characteristics reinforce consumers’ beliefs about the performance of hedonic-positioned brands.

As Affonso explains, “We find that visual design characteristics that encourage structured perceptions of visual communications, such as high proximity, high similarity, and symmetry, can reinforce beliefs about utilitarian-positioned brand performance. On the other hand, visual design characteristics that encourage unstructured perceptions of visual communications, such as low proximity, low similarity, and asymmetry, can reinforce beliefs about hedonic-positioned brand performance. These reinforcements occur because structure and lack of structure have specific associations that consumers use to make inferences.”

These suggestions are supported by a series of carefully designed experiments, both in the lab and in the field, and an analysis of industry data. First, in a large-scale field experiment when a perfume was positioned as utilitarian (“Long-lasting. Great for work and everyday occasions”), consumers were more likely to click on the advertisement depicting the perfume with a visual design perceived as more structured than its unstructured counterpart. When the perfume was positioned as hedonic (“Delightful. Great for special and fun occasions”), consumers were more likely to click on the advertisement depicting the perfume with a visual design perceived as more unstructured than its structured counterpart.

Second, when consumers made choices considering functional goals (such as choosing a restaurant that provides a fast and reliable experience), they were more likely to pick a restaurant perceived as structured. However, when the choice involved hedonic goals (such as choosing a restaurant providing an entertaining and exciting experience) they were likely to pick the option perceived as unstructured. Importantly, the research finds that these effects, across a variety of visual marketing communications, induce a structured versus unstructured perception in different ways.

Finally, for brands perceived as more utilitarian, structured perceptions are associated with greater financial brand valuation and customer-based brand equity than unstructured perceptions. The opposite is true for brands perceived as more hedonic.

“Our research offers actionable insights for marketers and visual design specialists working with design, advertising, social media communications, visual merchandising, and the appearance of retail environments. Specifically, the findings suggest that perceptual structure can be used as an efficient marketing communication tool. And it can encourage consumers at the point of purchase, being a relatively costless way to reinforce brand positioning,” says Janiszewski.

Lessons for Chief Sales Officers

  • Brands may want to consider using design elements that encourage structured/unstructured perceptions of logos, products, product packaging, and retail store design if their brand is primarily associated with utilitarian/hedonic benefits.
  • The implications extend to many other visual marketing communications, including print advertisements, website layouts, and app user interfaces. Marketers can take advantage of our findings and anticipate the consequences of key visual design decisions.
  • Brands could benefit in the long term from shifting the structure of their visual marketing communications to align with their brand positioning.

Continue Reading

Strategies

When do you ask for customer reviews? In many cases, sooner may not be better

The lesson for online marketplaces is that it is counterproductive to blindly adopt “faster is better” or “one-size-fits-all” approaches. Instead, companies should reevaluate their current practices and adjust the timing of review reminders to specific consumer target groups in order to elicit more consumer feedback.

Published

on

Researchers from University of Nevada Las Vegas, Shanghai Jiao Tong University, Arizona State University, and KAIST College of Business published a new Journal of Marketing article that examines when is the right time for businesses to send review reminders to customers. The study is titled “Ask for Reviews at the Right Time: Evidence from Two Field Experiments” and is authored by Miyeon Jung, Sunghan Ryu, Sang Pil Han, and Daegon Cho.

Popular websites such as TripAdvisor, Hotels.com, and Booking.com send notifications to customers immediately following checkout, requesting reviews about their recent experience and other feedback. Many firms send automated emails or mobile push notices after a purchase to learn about customers’ recent experiences with the product. This raises the important question: When should companies send out review requests?

The research team examines how the timing of review reminders affects the likelihood and quality of product review postings. Issuing review reminders immediately or shortly after purchase of a product or vacation experience may threaten a consumer’s freedom and prompt an adverse reaction. Therefore, some companies send review requests at a later point to revive customers’ memory of their experience.

“Consumers’ reactions and memories are influenced by the temporal distance between a product experience and reminder. The likelihood of writing a review decreases as time passes because consumers’ recall becomes blurry. This is more of a reason for companies to find the fine balance between asking for reviews too soon and waiting too long, both of which affect the quality of reviews,” says Jung.

Sooner Is Not Necessarily Better

The researchers performed two randomized field experiments with over 300,000 consumers from online marketplaces offering different types of products. The first experiment involved consumers from South Korea’s largest online travel marketplace where consumers can book flights, hotels, and guided tours using the company’s website or mobile app. Four distinct timing classifications for review reminders were used: next day, five-day, nine-day, and 13-day intervals after the product experience. Consumers were randomly assigned to the treatment group (which received a review reminder) or control group (which did not receive a reminder) for each timing classification.

The second field experiment studied consumers in a major South Korean online apparel marketplace. Four distinct timing classifications were again used, but with different time intervals than the first experiment. Across both experiments, the team investigated the temporal effects of review reminders on the quality of the reviews.

Ryu states that “Our findings demonstrate that requesting a review as soon as possible is not the best strategy. We find that reminders cause problems when they are sent faster than the number of days it takes, on average, for customers to write a review.” For example, if a customer orders clothing online, it is too early to send a review reminder the day the product is delivered because people need sufficient time to try the item on and evaluate its quality.

Lessons for Chief Sales Officers

  1. Even though the standard for when it is too early may vary by product type and customer heterogeneity, it may be acceptable to send an early reminder in the case of search goods (e.g., paper towels, bottled water, and canned soups) because consumers have a clear understanding of the products and a high degree of certainty that it will be useful after an initial trial. In contrast, for experience goods (e.g., restaurants, beauty salons, travel), it may be prudent to provide consumers enough time to evaluate the product before sending a review reminder.
  2. “Our results indicate that overly quick reminders are particularly detrimental for businesses with young consumers,” says Han. For example, Generation Z has always used digital platforms and is independent and pragmatic. In this sense, prompt reminders may be prone to violating their autonomy and freedom. In other words, the negative impact of an immediate review reminder may be disproportionately greater for younger individuals.
  3. Cho explains that “As for the impact of review reminders on review content, we find delayed review reminders can alleviate the poor quality of delayed reviews. However, except for review specificity, the timing of review reminders has a negligible effect on review content such as ratings, sentiment, or length.” In other words, the content of reviews does not change between those who wrote them after the reminder and those who wrote them without the reminder.

The lesson for online marketplaces is that it is counterproductive to blindly adopt “faster is better” or “one-size-fits-all” approaches. Instead, companies should reevaluate their current practices and adjust the timing of review reminders to specific consumer target groups in order to elicit more consumer feedback.

Continue Reading

Strategies

Shoppers more likely to buy on ‘special’ day-themed promotions

Consumers are more likely to respond favorably to a discount celebrating a special day compared to the same discount with no link to a special day. The key is that consumers must find the promotion to be both original and appropriate, Zane said. For example, a spa pedicure discount on National Barefoot Day, versus a discount on clothing in celebration of a national food day.

Published

on

Call it “having their ‘Pi’ and buying too.” A new study finds that consumers are more likely to make purchases during promotions tied to a special day, like Pi Day (March 14), than during regular holiday or non-distinctive day promotions.

Researchers describe their findings in a paper, “Promoting Pi Day: Consumer Response to Special Day-Themed Sales Promotions,” published in the Journal of Consumer Psychology.

“We found that special day-themed sales promotions lead consumers to be more likely to use the discounts to make a purchase compared to the more standard promotions,” said Daniel Zane, assistant professor of marketing at Lehigh University, who authored the paper with Rebecca Walker Reczek of The Ohio State University and Kelly Haws of Vanderbilt University. “We also discovered that the positive consumer response to special day-themed promotions is essentially driven by consumers’ rewarding marketers for their creativity in providing a way to celebrate the special day.”

While many consumers associate discounts with traditional holidays and sales events such as Black Friday, Labor Day and Back to School, firms often now link discounts to “special days,” novel holidays not historically associated with promotions. 

Think pizza and pie promotions or 31.4% discounts for Pi Day, the annual celebration of the mathematical constant Pi (3.14…). Or sales on apparel, games or toys for Mario Day (MAR10) and Star Wars Day, May 4 (May the Fourth Be With You). Companies may tie promotions to National Ice Cream Day, National Dog Day, their founder’s birthday or the anniversary of a customer’s first purchase. Lands’ End created its own special day when it launched National Swimsuit Day.

First research to explore special-day promotions

The proliferation of special day-themed promotions in the marketplace – including in social media and e-commerce – inspired the researchers to explore whether the companies using them were seeing a benefit, such as increased sales, new customers and more brand loyalty. They are the first to systematically study the effects of special day-themed sales promotions, and the study is the first to explore how consumers’ perceptions of marketers’ creativity in linking promotions to special days can influence purchasing behavior.

Using field and laboratory studies, the researchers randomly showed participants one of two versions of a promotion, either a special day-themed promotion or a more traditional promotion, and assessed their intentions to use the discount to make a purchase. In one experiment, they found that consumers report being significantly more likely to make a purchase from a company when offered the National Picnic Day Sale, compared to the same discount framed as an Annual One Day Sale.

In another study, they partnered with a firm and found that consumers who received a 25% discount by email in celebration of the day that a company adopted its mascot dog were nearly twice as likely to click a link in the email to shop on the company’s website compared to those who received an equivalent discount with no mention of the dog’s special day. The effect held for national special days as well as special days more personal to an individual consumer, like the anniversary of their first purchase with the company. 

Their findings show that consumers are more likely to respond favorably to a discount celebrating a special day compared to the same discount with no link to a special day. The key is that consumers must find the promotion to be both original and appropriate, Zane said. For example, a spa pedicure discount on National Barefoot Day, versus a discount on clothing in celebration of a national food day.

Creative, appropriate promotions drive engagement

When consumers see a high fit between a firm and a special day-themed promotion, the perceived creativity drives increased intentions to use the promotion, the researchers said. However, when consumers see a low fit – even with the positive influence of creativity – the perceived inappropriateness “ultimately hurts purchase intentions enough to cancel out any positive effect of originality,” they said.

It’s known that more traditional sales promotions can generate negative thoughts about a firm because consumers assume marketers are just trying to persuade them to spend money, or they suspect the company is trying to unload old inventory, Zane said.

“Perhaps the most surprising aspect of this research was what we found to be the psychological driver of consumers’ positive response to special day-themed promotions,” he said. “They actually think about how the marketer who created the special day-themed promotion was creative in providing a way to celebrate the special day. In essence, consumers then reward marketers for their creativity by being more likely to use a special day discount to make a purchase from that company.”

Knowing the impact that special day-themed sales promotions have on shopping behavior can benefit both marketers and consumers, Zane said. For marketers and businesses, there is promise for increased sales, new customers and more engagement tied to such promotions. “The findings suggest that linking a discount to a company-generated special day can positively impact real customer behavior,” the researchers said. “It is possible that consumers who receive special day-themed discounts may feel they are unique or in an exclusive subset of consumers receiving the promotion.”

With technology and availability of customer data, there are growing opportunities to create special days and promotions specific to a customer’s interaction with a company, which may show additional potential, Zane said.

“For consumers, this work can perhaps help them reflect on the many hidden forces that shape our marketplace behaviors,” he said. “Being aware of this might help curb unnecessary or impulsive purchases.”

That’s knowledge as sweet as Pi.

Continue Reading
Advertisement
Advertisement

Like us on Facebook

Trending