Cyber Security and the Ethics and Imperatives of Scare Marketing

Cyber Security and the Ethics and Imperatives of Scare Marketing

If you’re not biting your nails in fear of cyber crimes and internet vulnerabilities the rest of 2018 will bring, you haven’t been paying attention. But, as it turns out, you wouldn’t be alone. Outside of the most tech savvy businesses and individuals, anxiety about cyber security at the individual or national levels doesn’t seem to have gone very far. And if you’re a company that specializes in internet security or simply a tech insider concerned about the public and the nation, that oblivious inattention has got to be incredibly frustrating. But what can we do?

We have to be clear about what our goals are. Scare marketing, gunning for the public’s attention or dollars by trying to terrify them, is a time-honored tradition in marketing. But that raises serious ethical questions. If you yourself are trembling in fear, does that justify using fear to appeal to your audience? And how are you supposed to go about manipulating someone’s fears if they haven’t acquired that particular fear yet? Whether for commercial advertising or public service campaigns, these are important questions to answer.

The Terrifying Reality

Just as the last year and a half have brought revelations about the extent of international cyber-meddling on the part of nations like Russia and North Korea, the last few months alone are very quickly making clear the new reality we live in with regards to vulnerability to individual hackers. Late last fall we discovered the KRACK Wi-Fi vulnerability, and just a few short weeks ago news of serious software exploits Spectre and Meltdown hit the media.

The KRACK vulnerability creates an opening for a hacker every time someone connects to a Wi-Fi network on their device or computer. For most networks without extra encryption, a savvy hacker can follow you in and intercept the traffic between your device and the internet. They’d have access to your data and your computer, and they could very easily infect your computer with ransomware or some kind of virus.

Spectre and Meltdown, the latest cyber security nightmares, are openings built into most modern computers that could allow hackers access to all of the most important data held on a computer. The extent of these vulnerabilities is staggering, and everyone is affected. For all of these vulnerabilities, however, there are work-arounds and patches to keep systems secure, and some of them are very effective. The problem is that this is only the beginning.

“It’s like there are new threats and weaknesses popping up all the time,” says Laurence B. Green, attorney and co-founder of Berger and Green. “And most of us don’t understand so we don’t even pay attention.” For every vulnerability that is patched, there’s another that hasn’t been found yet, at least not by the good guys. For now it’s just going to get worse.

Experts in the field predict we’ll be seeing cyber attacks on critical civil infrastructure in the near future. And even outside the geopolitical side of things, the possibilities are frightening. Every company is vulnerable. Imagine what cyber criminals could do if they hacked into a system of medical records or even into an airline or travel booking service. The data they could mine could bring the dangers of identity theft to frightening new levels. And just as professional marketers are using AI to target customers more and more effectively, cyber criminals can use the same technology to find their perfect victims. When the hacking itself can be automated, no individuals or businesses are safe.

The Knowledge Gap

And now, just as cyber security should become a widespread concern shared by all, it’s been politicized and caught up in the same political polarization as everything else after the Russian election hacking. There’s a dangerous divide between the tech insiders who see the threats up close, however, and the average consumer and tech user who can’t be bothered to create multiple passwords for all their online accounts.

And in a lot of circumstances, unfortunately, an otherwise secure system can be undermined by the security failures of its users. A small business can pay for a security consultant and bring in the best, safest hosting software, but without understanding and buy-in from employees and a broader culture of security among staff using the system, they’re not going to get the security they want. Just like the staff of a small business, the average consumer needs to become more security-conscious, or our security as a whole will suffer.

Ethics and Imperatives

The question, naturally, is how do we go about raising that security-consciousness? Given real-life circumstances, you could imagine it as less of a normal marketing task and more of a public service or even a civil obligation. Most marketing based on emotional appeals, however, focuses on manipulating fears that people already have, not implanting new ones.

Intentions are important. There’s a significant ethical gap between manipulating consumers with fear and simply educating them about scary things. That’s a fine line to walk if you’re selling internet security, but it’s something that has to be carefully considered when you’re using advertising that may intentionally or unintentionally spreading fear. We want informed, security-motivated consumers and businesses, not scared ones that simply do whatever people tell them for the sake of avoiding disaster.