Why advertising and media agencies are so appealing – and vulnerable – to hackers

The advertising industry has known for years that it was a prime target for a cyber-attack and this week that fear became a reality when a number of WPP companies were struck by a major ransomware cyber-attack.

The cyber-attack at WPP agencies such as MediaCom, JWT and Y&R (part of an attack on companies across the globe) froze users’ computers and demanded an untraceable ransom to be paid in Bitcoin.

While governments and the energy sector may be seen as the number one targets for hackers, with the prize of potentially bringing the country to a standstill, advertising businesses, particularly a big holding group like WPP, are also an enticing target.

Principally, this is because of the sheer volume of consumer data they hold – millions of IP addresses and device ID profiles. A breach would compromise not only the security of the advertising or media agency but also potentially the security of the individuals’ data it holds.

Secondly, advertising agencies are also exposed to cyber-attacks because a large chunk of their business is run online. For a large holding company like WPP, this means it has a huge online surface to defend against attackers wanting to raid consumer data and possibly other data, such as potentially lucrative financial information.

Thirdly, WPP is a FTSE 100 giant and the poster boy for UK advertising which reaches millions of people around the world through its adverts, with an opinionated chief executive in Sir Martin Sorrell.

Such a company therefore represents a scalp for hackers, who might not agree with an economic or political stance it has taken and want to do it reputational damage or manipulate public opinion.

Details about Tuesday’s breach are still hazy but it’s telling that the hack did not impact systems or computers that had the operating system patches distributed by Microsoft in the wake of the last ransomware attacks.

This tells me that businesses like WPP are acutely aware of the dangers of cyber-crime and are demanding that their agencies are on top of it.

WPP hasn’t confirmed whether the cyber-attack has hit its trading desks and data management platforms (DMPs) but the mood music seems to be suggesting that the attack has been dealt with, with a minimum of detrimental impact.

However, if there had been a serious DMP breach then WPP would be spun into fire-fighting mode, as a tsunami of unidentifiable data could be shared online.

Although this data isn’t uniquely identifiable to individual users, it does include IP addresses and mobile and device ID profiles, among other data, which makes users targetable through online means.

And as trading desks are collecting billions of different data points from client websites, retail sites and offline behaviours, there could have been a massive amount of data shared online and used for nefarious purposes.

Fortunately, because agency trading desks are collecting anonymous data rather than data that identifies individuals, it means that hackers can’t directly target specific individuals whose data has been compromised, but such a breach will no doubt put the frighteners on trading desks to shore up their defences.

One big danger for advertising and media agencies is if clients get jittery about the security of the slew of data being held by agencies and do not trust the current checks and balances in place.

They may demand the agency impose more data security, which would imply a big expense for the agency to fix. Alternatively, this could present opportunities for rivals to pinch the business, on the back of showcasing their cyber security credentials as being superior.

This could become an increasingly big issue as agencies (especially digital and trading desks specifically) hold a massive amount of audience profiling data.

Despite agencies and trading desks talking the talk on pioneering digital marketing techniques, the harsh reality is that data management within agencies is still in its infancy and agencies aren’t as secure as they should be for the amount of data they store on behalf of clients.

That said, it is worth pointing out that most of the first party data collected from brands through trading desks and DMPs is managed through third party services external to the agencies, which adds another line of defence against the hackers.

And let’s not forget that advertising businesses are generally well run businesses and it’s hard to believe that most, if not all, don’t have a disaster recovery plan to shield themselves from the immediate fallout of a cyber-attack.

Josh Boustred is advertising operations executive at December 19
