With suspicion of cyber-attack, Americanas, Submarino and Shoptime face instability problems; recurring situation has left companies vulnerable, paralyzed operations and generated millionaire financial damage
The websites of Americanas, Submarino and Shoptime started the week offline on suspicion of a hacker attack. The two e-commerces – which until the publication of this article were still offline – add up to a millionaire loss. Americanas SA shares, for example, had a considerable drop on the São Paulo Stock Exchange, even though buy recommendations were maintained during the day.
The list of companies and state agencies that have undergone cyberattacks shows that cyberattacks have become common in recent years – Renner, CVC, Atento, Porto Seguro, Ministério da Saúde, Serasa and Experian are some examples.
The increase in this frequency is one of the side effects of the expansion of digital, boosted throughout the pandemic. Data from Check Point Research, the Threat Intelligence division of Check Point Software Technologies, recorded that, on average, 1,046 organizations were attacked in the country in 2021, up 77% from the previous year.
In addition to all the wear and tear that the situation brings, the attacks can damage the image of the brands before their consumers, explains José Maurício Conrado, professor of publicity and advertising at Universidade Presbiteriana Mackenzie.
“The biggest damage that a brand has is the break in the relationship of trust it has with the public”. According to Conrado, it can convey the idea that the company does not invest in security or, even when it shows the directing of resources to the area, the discomfort remains, when the customer continues to fear that other episodes will happen.
“It is a very serious problem for brands because security and reliability are very important features in the contemporary world”.
Osmany Arruda, professor of information security at ESPM, adds that the negative impacts for brands are very noticeable, as these situations look very bad in the eyes of customers, and, additionally, can amplify the financial damage.
“Usually this makes it easier to switch from one player to another, from one supplier to another, which naturally leads to a decrease in market share and can make it difficult to create new business,” he says.
Despite agreeing with experts about the effects on image and breach of trust resulting from the attack, Benjamin Rosenthal, marketing professor at FGV EAESP, considers that the consequences depend on some elements.
He cites as an example the percentage of consumers who are aware of the case and know the real implications, as well as the positioning of the brand and its harm reduction and mitigation work.
“In other words, although the impacts are negative, there are both mitigating factors – knowledge on the part of the consumer – and subsequent elements that also matter in the formation of consumer judgment”, he explains.
In addition to the effects on brands that are victims of hacker attacks, experts understand that the episodes can also contaminate the digital market as a whole. As many people are still afraid to circulate and transact in this environment – many users only joined because of the pandemic -, the increase in scams could cause a retraction in this movement.
TRANSPARENCY AND INFORMATION
Instead of getting wrapped up in positions that don’t say much, brands should act transparently towards their audience, experts say. As soon as the attack or information leak is detected, consumers and partners need to be communicated, even so that they can protect themselves from misuse of their information.
“This dialogue is important because it [a marca] need to keep the conversation going with customers. Otherwise, it can look like you’ve abandoned them. In addition to the security image, this lack of guidance can sound like something very complicated”, says Conrado, from Mackenzie.
For Arruda, from ESPM, efficient and objective communication with the brand’s stakeholders needs to contain information about what type of data was impacted, the period and extent of the episode.
“This is even good for the company to protect itself and, once again, show that it is an atypical situation, that it takes care of the data under its responsibility and that it is doing everything possible to mitigate it. What matters is for the company to show transparency and maturity to mitigate all the effects of this attack.”
WHAT IS THE LIMIT?
No matter how much noise the attacks generate today and no matter how attentive companies are, the tendency is for this scenario to get worse. The World Economic Forum’s 2022 Global Risks report points to rising cyber risks as one of the biggest problems in the short term.
Facing this reality, according to Arruda, from ESPM, says it involves a broad procedure. “A completely technological approach does not solve the problem. Let’s say, there is no such thing as 100% security.” Brands have to invest in protection resources and tools while developing a culture of prevention and also making their customers and consumers aware of the use of data.
“Security, like anything else in technology, is based on people, process and technology. If there is no process, trained people or adequate technology, it is chaos”, says Altair Olivo Santin, computer engineer, master in electrical engineering and industrial informatics and doctor in electrical engineering and professor at the Pontifical Catholic University of Paraná (PUCPR).
“It’s no use doing any of them in isolation, it won’t work. Security is continuous, it is a never ending process”, she adds.
