In a startling revelation in early July, sensitive data from Disney's internal Slack system, including strategic discussions on ad campaigns, studio technology and other confidential information, were exposed online by NullBulge, a group reportedly committed to fighting AI-generated art.
This activist effort to damage Disney’s reputation brings unanticipated and unwanted attention to the entertainment powerhouse as the leaked data reportedly contains sensitive details about Disney’s corporate website, software and future project development, as well as assessments of employment candidates.
Such breaches disrupt operations and potentially compromise corporate integrity, and is reminiscent of previous industry incidents such as Sony's cyberattack in 2014.
No organization is safe from unauthorized leaks. Are you prepared?
Iconic brands and technology titans are prime targets for hacks and unauthorized leaks. Today, artificial intelligence (AI) propels information at ludicrous velocity, requiring leaders to rethink how they manage confidential material.
No entity, regardless of its authority or magnitude, is immune from leaks.
Top government agencies have been hit hard. Edward Snowden’s 2013 NSA leak exposed global surveillance, sparking policy changes. WikiLeaks’ 2017 “Vault 7” revealed CIA hacking tools, impacting cybersecurity. And in 2022, a draft Supreme Court opinion on Roe v. Wade was leaked, causing public uproar.
Over the past year, there have been a rash of cybersecurity incidents that have impacted various industry giants in many sectors, which have been hit with ransomware attacks, hacks, breaches and leaks.
To understand the depth and breadth of the problem, in 2023 alone, more than eight million data records were reportedly breached, most in the private sector.
Risk management and insurance professionals branded cyber incidents as the top global business risk in the 2024 Allianz Risk Barometer followed by business interruption. The annual survey incorporated views from more than 3,000 experts in 92 countries and territories.
Data breach was the cyber exposure of most concern, followed by cyber-attacks on critical infrastructure and physical assets and in the increase in ransomware attacks.
These incidents starkly highlight vulnerabilities and underscore the urgent need for business leaders to implement comprehensive and pro-active defense strategies against increasingly sophisticated threats.
Despite rigorous efforts, it is nearly impossible to maintain genuine internal documents. AI is outpacing policies and procedures; even measures from a year ago are outdated, leading to costly blunders.
"Artificial intelligence is the future, not only for Russia, but for all humankind. It comes with colossal opportunities, but also threats that are difficult to predict." - Vladimir Putin
AI performs a multidimensional role.
It harnesses algorithms and data to enable machine or software tasks that traditionally rely on human intelligence -- learning, reasoning, problem-solving, perception and understanding. While it should not and cannot replace human capabilities, this technology can greatly optimize logistics, detect fraud, conduct research and analyze trends.
Moreover, the downside of AI includes potential job displacement, privacy and data security concerns, biases in algorithms, over-reliance on technology and ethical dilemmas in decision-making.
Most importantly, recognize the same AI technology deployed to protect, can be activated to attack, posing significant risks and threats to society, reputation and stakeholder trust.
Technology alone is not the answer.
In today's rapidly evolving digital landscape, key cyber strategies, coupled with an understanding of reputational risk, should drive management practices essential to safeguarding sensitive information.
Confidential documents must now be subject to rigorous controls. Sensitive information must be shielded from unauthorized access, ensuring that only those with specific clearance are aware of or have access.
Even with the most advanced technology, companies must still prepare for the worst. Following are some ideas to accomplish this.
“…time goes by so slowly, and time can do so much.” Righteous Brothers’ 1965 hit, Unchained Melody.
The instantaneous digital and cyber world demonstrates time is not on your side.
Consequently, you must think quite differently about time than we did just a few years ago.
In Richard Torrenzano’s coauthored, game-changing book, Digital Assassination: Protecting Your Reputation, Brand, or Business Against Online Attacks, a standard digital response process was established, as well as a response time for digital harm of eight hours.
Today, that concept is beyond significant, as the magnitude of attacks and leaks have dramatically accelerated at warp speed.
We anow face a “two-hour digital day.”
In today’s instant, mobile environment, when an attack occurs or a sensitive document is leaked, you have one or two hours for an initial response. Delays in response and conflicting statements written in legalese or gibberish result in a fiasco.
In many corporate cultures, business leaders and their advisors are simply not organized to operate at digital warp speed.
It is not a question of if but when a "black swan" event will occur. Leaders must have a strategically crafted and well-rehearsed plan to address such situations.
Complacency is risky; the belief "it can't happen here" is a dangerous delusion.
Policies, procedures and ongoing training should be reviewed semiannually to ensure a swift, coordinated risk response to protect reputation, operations and financial stability.
Emails, texts, reports, documents and other communications must now be written with the expectation that they could be widely shared.
This shift necessitates every document must be clear and precise and carefully considered for its broader implications.
Professionals must craft communications with a heightened awareness of how they might be perceived by a wider audience, ensuring that their words are both effective and appropriate in any context. Ongoing training is a necessary component.
Leaked confidential documents quickly become headlines, spreading rapidly by competitors and activists.
In the 24/7 news cycle, the relentless pace of modern media means control over the narrative is beyond difficult.
Additionally, establishing clear communications and a solid response plan for leaks is crucial. Transparent and prompt engagement with stakeholders helps manage and minimize the impact of such disclosures.
Regular reviews, ongoing training and stringent internal procedures and confidentiality agreements are essential components of a robust security strategy and reputation protection.
These best practices, combined with a formal disciplinary policy for handling breaches, form the backbone of effective management to not only prevent costly breaches … but protect reputation and mitigate financial injury.
Disney breach shows Mickey, and others, need strong firewalls and enhanced focus on reputation.
A well-rehearsed plan for different crises, along with semiannual policy and procedure reviews to update technology advances, can make a difference and provide the swift response crucial to protecting reputation, operations and financial health.
Years before AI overtook business and society, one of America’s wisest, Warren Buffet, stated, "It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." His foresight was spot on then … and remains on point today.
Published September 12, 2024.