GRC Viewpoint

CHEQ: Go-to-Market: The Last Major Cyber Attack Surface

Kerry-Coppinger - Senior-Manager,-Brand-Marketing Banner


Senior Manager, Brand Marketing | CHEQ

Throughout this article we will discuss why GTM is the final major frontier for security, and why so many businesses are finally getting on board with securing it with the same vigor as all of their other potential areas for cyber attacks. 

Back when companies first became aware of the potential threats malicious users and bots could have on their operations, many of them were moved to action. They began to implement cybersecurity measures designed to defend against attacks and reduce the harm for both the business’s IT systems, and their customers’ data. Some key examples of this include: network security to protect all devices within a company’s network, securing web applications from threatening outside forces, cloud security to broadly protect infrastructure and data, and privacy and compliance measures to ensure customers and local laws are being respected. 

All of these measures are now seen as not just helpful but essential. In fact, businesses that do not have these standard protocols in place are seen at best as being unprofessional or behind the times, and at worst are seen as operating an illegitimate business that law enforcement may need to get involved in. However, while companies were moving to implement all of these security measures, they were initially leaving one massive attack surface behind – the go-to-market organization. Throughout this article we will discuss why GTM is the final major frontier for security, and why so many businesses are finally getting on board with securing it with the same vigor as all of their other potential areas for cyber attacks. 

What is included in go-to-market?  

Broadly, the go-to-market organization is responsible for strategizing and enacting plans to share their business’s value, products, and services with customers and potential customers. Typically, this includes departments such as marketing, sales, revenue and analytics teams among others. The specific roles within an go-to-market organization can vary from company to company. Since this area of business is so broad, there are many possible areas of attack for bad actors to influence and attempt to sabotage. For example, on the marketing side of things, potential areas for attack include advertising campaigns, affiliate marketing on external sites or with partners,  SEO and organic growth efforts, and more. Similarly, the sales department can suffer when CRMs and databases are targeted by invalid traffic. Analytics systems are also massively at risk. All of these areas combine to be the largest attack surface that was not previously protected by major organizations, which was cause for alarm. 

How can malicious users harm this area? 

Malicious users and bots may choose to attack departments within the go-to-market organization if they are unprotected for a variety of reasons. First, there is a plethora of marketing and customer data involved in this area of business, which can either be re-sold, used by fraudsters to steal personal details, or even commit identity theft. Additionally, there is a lot of money in this arena that can be sabotaged by outside sources. Research has shown that data skewed by fake traffic costs businesses $697 billion annually, and an additional $42 billion in potential revenue opportunities is lost each year as well. When GTM teams are under attack, their advertising budgets can become drained, and their audience segments polluted with fake users. Additionally, when malicious users arrive on-site, they can fill out forms and enter CRMS – taking up valuable space and budget and wasting the time of sales teams. Perhaps most strikingly, all data becomes skewed and sources of truth are rendered inaccurate and unreliable. 

What does protection of this area look like? 

Once organizations caught on to these consequential threats, they began to move to protect their GTM organizations with the same level of attention as the other areas of cybersecurity. However, since this organization involves marketers, salespeople, analysts, and other team members in addition to IT and cybersecurity professionals – they needed a solution that resonated with these varied roles. Go-to-Market Security quickly became the primary solution for companies that were looking to protect their entire operation, and take a more proactive approach rather than only concerning themselves with network security, major data breaches, or other threats that the CISO would traditionally deal with exclusively. 

The concept behind GTMSec is to democratize cybersecurity for the entire business in a way that makes sense to all team members. When this type of security is implemented, marketing budgets are used more effectively and are less likely to be hijacked by invalid users. Audiences don’t become polluted with harmful or malicious bots. Databases are clean from potential threats, and analytics are unskewed and free from bad actors. Because all of these things are essential for complete protection, and without them the GTM organization can struggle to function, teams that do not implement this type of security are now seen as behind the curve. 

In conclusion, many leading companies are moving to protect their entire corporation, and move beyond the traditional areas of cybersecurity. This ultimately enables organizations to be protected holistically, and leave no stone unturned when it comes to protecting potential attack surfaces.