B2B Marketers on a Mission
Ep. 47: How B2B Companies Can Protect Their Digital Customer Experience – Interview w. Kathleen Booth
How B2B Companies Can Protect Their Digital Customer Experience
As digitization continues to accelerate across different industries, it has become increasingly important for B2B companies to secure their digital platforms and channels. During this week’s episode, we talk to Kathleen Booth (VP of Marketing, clean.io) about why protecting digital engagements is necessary, some of the most common online threats that could negatively impact customer experience, and why marketers need to take more ownership of digital engagements.
https://www.youtube.com/watch?v=ifcCmoAXKhY
Topics discussed in this episode:
- What is “digital engagement security”? [1:40]
- Why marketing leaders should educate themselves on digital engagement security and be responsible for it instead of leaving it to IT. [4:46] | [7:44]
- Kathleen elaborates on the different threats out there in the market – from third-party codes to browser extensions [10:07], social engineering [26:20], and malvertising [29:10]
- Digital engagement security starts with understanding your audience, their journey and engagement. [21:09]
- The key is to have a balance between customer experience, security [22:32] and ongoing monitoring. [23:12]
Companies & links mentioned in this episode:
Click here to access the episode key takeaways.
Transcript
SPEAKERS
Christian Klepp, Kathleen Booth
Christian Klepp 00:00
Welcome to B2B Marketers on a Mission, a podcast for B2B marketers that helps you to question the conventional, think differently, disrupt your industry, and take your marketing to new heights. Each week, we talk to B2B marketing experts who share inspirational stories, discuss their thoughts and trending topics, and provide useful marketing tips and recommendations. And now, here’s your host and co-founder of EINBLICK Consulting, Christian Klepp.
Ladies and gentlemen, welcome to this episode of the B2B Marketers on a Mission podcast where you get your weekly dose of B2B marketing insights. I’m your host, Christian Klepp. And today, I am absolutely thrilled to be joined by someone, dare I say it, who is an absolute powerhouse in the world of B2B marketing, right? So she’s been named by top ranked as one of the 50 top B2B marketing influencers in 2019, she hosts her own podcast, she’s a startup mentor, and she’s an avid LinkedIn video content creator. I mean, I could go on and on and on, but I would rather let her do all the talking. So without further ado, let’s give it up for Kathleen booth. Kathleen, welcome to the show.
Kathleen Booth 01:07
Thank you so much for having me. Christian, I am so honored to be here.
Christian Klepp 01:10
It’s really great to have you on the show, Kathleen. And I’m really glad that we connected and yeah, let’s, uh, let’s get this conversation started. Because you know, to be honest, Kathleen, you are an expert in a field that I would dare say has gotten a little bit more airtime now than it has in the past. Right. So. And that topic is on what’s called digital engagement security. So like, just for the benefit of the audience, could you talk us talk to us about what that is exactly?
Kathleen Booth 01:40
Sure. So, you know, it’s a relatively new term. But I think it’s so timely, in the world we live in today, particularly given the events that have happened in the last year with COVID. So it’s all about recognizing that businesses are increasingly engaging with their customers, their audiences, their users, their prospects online in a digital environment and protecting those engagements is paramount to the brand itself to the company’s revenue, to the user experience, it sort of has replaced what used to be somebody walking into your office building and having a meeting with you, right? You know, you had a secure nice office building, it was a good user experience, comfortable lobby furniture, nobody felt unsafe there. And they could come and have a really positive experience with you as a company. And, and, you know, that’s really what we’re all about any business, it doesn’t matter who you are, we’re all about selling trust. And if we can sell trust, then if we have a great product, it will sell itself. And so security is the number one factor that needs to be in place in order to establish trust. So that’s what digital engagement security is all about. It’s about protecting our engagements online.
Christian Klepp 02:56
That’s absolutely right. And I mean, you know, you alluded to it in the past couple of minutes, but um, you know, a lot of things. Businesses have migrated online, there’s many companies and you hear about them, like, quite often, but um, you know, they’re 100% remote, they’re 100% online, they don’t have a physical office space. A lot of these transactions that they’re conducting are, you know, are conducted or done online, rather, and I think now is probably not the time to be complacent about things like security online. Right.
Kathleen Booth 03:28
Yeah, I mean, like I said, in the last year, specifically, I’ve seen data that says that the move to e commerce, for example, has sped up by 10 years, because of the pandemic like brick and mortar companies that had no plans to sell online, just were forced to do it, you know, restaurants that had to figure out ways of letting customers place orders online. Even B2B businesses that used to rely on trade shows and, and sales team members traveling the country and going for in person meetings, we’ve all had to figure out a different way. And it’s all shifted to digital. And so, you know, this, this doesn’t discriminate by industry, or geography, the whole world had to do this all at once. And so we’re thrust into a new paradigm where, you know, I think there are there are risks present that we need to account for, but there is also tremendous opportunity if we’re able to navigate it well.
Christian Klepp 04:20
Absolutely. Absolutely. And, you know, like, ponder me this, like, what are some of the things like is, you know, you’ve been in this field for a bit. And you’ve been talking to customers, you know, in the market, what are some of these common objections or I could call them push backs to like… what are some of the push backs that you’ve seen with regards to digital engagement, security? I mean, people saying like, you know, Kathleen, thanks, but we don’t really need that.
Kathleen Booth 04:46
I don’t think anybody necessarily pushes back against the concept that we should have safe engagements with our customers, users and prospects. I think what it is, is that historically the person within the organization that has owned the digital engagement experience has been the marketing leader, right, we’ve typically and I’m a marketing leader have typically on the website, we’ve owned the social media platforms, we’ve owned email, you know, all of that is something that is fallen under our purview. But as marketing leaders, we were never taught anything about security. And in fact, typically, within our organizations, we’re told that that’s not our concern, we generally have an IT person on staff who handles cybersecurity or we outsource it to some sort of managed security services provider. And the word cyber security in and of itself, I think, is something that marketers hear and they think that has nothing to do with me, right? That’s not my job. And what’s happened is that it sort of has become our job. Because there’s a lot of data out there now, that shows that the marketing leaders within companies, in many cases have much bigger IT budgets than the IT leader does. And so we hold a lot of investment in Tech stack in our hands. And yet, we have not been trained on any of this, nor is it in our job description. And so we’ve arrived at this point in time, when we’re we own it, whether we like it or not, because so much of the vulnerability that our organizations face has to do with things like the website, and with things like how social media is used. And yet, we’ve never been equipped to even understand the full scope of the risks. And so I wouldn’t say it’s a pushback about the concept, it’s more of a pushback about who should own it and how severe of a risk it is. Because I do think there’s a lot of misunderstanding around really what’s at stake here.
Christian Klepp 06:48
Yeah, exactly. And I mean, you know, you brought up so many great points with regards to that. And, you know, I’ve been doing some reading on that, on that topic, like, you know, different online channels, and it does come down to being you know, if we’re talking about cybersecurity, it eventually becomes a collective effort. Right? Because like you were alluding to earlier, you know, the Marketing Leaders, a lot of the channels that they’re looking at, you know, where they’re implementing their initiatives and tactics, they’re all online, they’re all digital, right? Websites, social media, and, and so forth. So it becomes a… it doesn’t just become something like, okay, cybersecurity is one department’s responsibility. You install this software, and you’re good to go. It’s, it’s really…, and I’m sure you’re gonna talk about this later on. But like, it’s a combination of systems and processes as well. And, and, and you know, these buzzwords, like cyber vigilance, cyber resilience, all of those things come into play as well. Right?
Kathleen Booth 07:44
True. But here’s the thing, I would say. And there’s a reason we call it digital engagement security, and not cyber security. Because when we start to use a lot of those cyber buzzwords, I think that’s when marketers freeze up, and their guard goes up, because they, they don’t we I’m going to say we’re not there, because I’m one of them. We don’t understand it. It’s scary to us. I think in many cases, we don’t want to learn about it, because it seems like too much work. Right. And there’s also this definitely this dynamic that’s that exists in the world. Even amongst certain cybersecurity practitioners have like, if I don’t know it happened, then I can’t be held responsible for it. Right. And so as soon as I, I, I become aware, all of a sudden, I have to own it. And so there’s, there’s a lot of reticence around that. But what so that’s why we really call this digital engagement security, because it’s about protecting interactions that the brand has with the customer. You know, we don’t say it’s about hardening your defenses for your server or your, you know, your files or what have you, that’s when it starts to sound kind of scary. But I think everybody can get behind protecting revenue and brand and user experience, which is where the marketing leader really comes into play. And so there, there are a lot of real threats happening. There’s a lot of real examples out there of where this is coming into play. And but there’s not a lot of education for marketers on it.
Christian Klepp 09:06
Exactly, exactly. That’s a great point. And speaking of which you give me a perfect segue into the next question, which was about like, you know, and I know, this is something that you guys do all over at clean.io, but like, you know, elaborate, elaborate a little bit, if you can, on some of these different threats that are out there in the market.
Kathleen Booth 09:25
Sure. So, I mean, there’s literally, you know, millions and counting because as we sit here, I’m sure there’s somebody out there inventing a new way to compromise, whether it’s a website or something else. And so it’s ever evolving, but I think we can kind of when it comes to digital engagement security, specifically, I would categorize a few different areas. I would say there’s actual like, threat of hacking, data leakage. And it’s not just data leakage. It’s also control over your properties. So I’ll start with that one. Because I feel like as marketers, we’ve always been taught that we own our website, right?
Kathleen Booth 10:07
We talk about, you don’t really own social media, you know, you’re on Facebook’s platform, they can change the rules. But we always say we own the website. And I wish I could say that were true, but it’s not. Because if you think about the way we build websites today, we own a lot of it, you know, we have a lot of control. If you look at control as a spectrum, as opposed to a binary, you know, yes or no, I think that’s a little bit more accurate. So we have a lot more control on our website than we do anywhere else. But because of the way the modern internet functions, we deliberately allow a considerable amount of third party code into our websites. So put differently, think about when you build your site. First of all, many of us, most of us these days are not hard coding HTML sites, we’re building on a CMS, a Content Management System, whether that is WordPress, or HubSpot, or, you know, any one of the numbers of other CMS is out there. That’s, that’s third party code. And then there are also plugin marketplaces that we use to add functionality to our sites, whether that’s, you know, feeding in our Instagram feeds or putting a calendar plugin on a site or a chatbot. You know, we’re putting all of that on. And those are, and then we’re also adding script, you know, we’re adding Google Analytics and all kinds of other, you know, pick advertising pixels. This is all third party code. And at the heart of digital engagement security, that’s it’s really sort of what it’s all about. When it comes to your website, it’s controlling that third party code that executes on your site. So there’s a category of code that we allow in. And that poses some risks, because I think most of us probably do some homework before we add code to our sites. And many of these third party code platforms are very well known and trusted. You know, I mentioned a few things like WordPress and HubSpot and Google Analytics, very trusted. But that’s not to say that we should turn a blind eye and assume it’s going to be okay. Because, for example, about a year ago, a little over a year ago, the US government released a major announcement saying that there was a very widely used WordPress theme sold through the Envato marketplace, which is a trusted marketplace, that was actually a Trojan horse for a hacking group. And the whole purpose behind it was to harvest personally identifiable information that pass through the website. And it was installed on, you know, hundreds of 1000s of websites around the world. And so that’s just an example of like code that we actually put on our sites that could be making us vulnerable and jeopardizing our brand and our user experience and our revenue.
Now, then there’s the whole category of code that we don’t deliberately put on our sites, but that runs there anyway. And that could be somebody trying to hack our site, which happens, certainly, we all have heard things like the colonial pipeline, you know, there’s so many different hacks that are out there. But I look at that as probably less common than other issues, for example. And this was a huge eye opener to me when I started working in this field, browser extensions. So as users, we put all kinds of browser extensions in our browser. I have, I’m looking at my browser right now. And I probably have 30 of them. Everything as a marketer, everything from I use Vidyard video extension. I use, Awesome Screenshot to take pictures of things on my screen, I use color pickers built with the Moz toolbar, you know, there are so many that we use professionally, and a ton that we use personally. And so, for example, personally, and this is one that we deal with at our company is coupon extensions, you know, honey, Capital One shopping, everybody loves a good deal. Regardless of what the extension is, whether you’re using it for work, or personally, what very few people realize is that browser extensions, because they are installed by the user and their browser, they actually have a highly elevated level of permission to operate and run script on the websites that user visits. That’s how they function if you think about it. So a good example would be a color picker. And maybe listeners have used these, maybe they haven’t. But the idea is, if you’re working in marketing, and you want to know the hex code, or the RGB code, or the PMS code of a particular color you see on a website, these extensions let you put an eyedropper over the color on the site, and it’ll tell you what color it is. Well, it does that by running code on that site but that site has not said, Hey, come in, you can do this, your browser extension has a higher level of permission to do that. They don’t need the website to allow them to do it. So that is great for the user. But in some cases, these extensions can be either deliberately malicious in the sense that they can carry viruses or they can just be what I would classify as untrusted. And in being untrusted, they can affect the user experience on the website, and in fact, in some cases affect brand revenue. And I can give plenty of examples about that. But I’ll stop and see if you have any questions.
Christian Klepp 15:13
First of all, wow, I mean, that was, that was incredibly interesting and scary at the same time. Like, and you probably get that a lot, but like, you know, if I’ve been hearing you correctly in the past couple of minutes, I mean, there’s extensions, and there’s plugins and so forth, that, you know, maybe it’s, maybe we assume that they’re okay. And we inadvertently, like, just leave the door open to vulnerability. And the other ones, like you said, um, they run anyway. And sometimes, like, you know, if you look, I think, let’s go back to your example of WordPress, right? If you go to the back end of the WordPress website, and you see all of these plugins, right, that, and for one reason or another, they recommended that you that you install them, and then so on, and so forth. And then people install them and then things happen there. But I’m just curious to know, and I’ll skip forward to the question I was gonna ask later on in the conversation, but in your in your role, you know, in your marketing role at clean.io, how do you market these kinds of services to the target audience? And how do you make them aware of what it is that you guys do?
Kathleen Booth 16:25
Yeah, I can start by saying we don’t market it as cybersecurity for all the reasons I’ve already mentioned. You know, our buyer is generally somebody in a marketing role, or we also have a product that we sell to advertising operations teams. These are not cybersecurity or IT buyers. And so I don’t use the word cybersecurity at all. You know, I think security is a less scary word in general, people understand that. But that’s why we really focus on what’s in it for me, for the audience we do serve and what’s in it for them is making sure that all the hard work they’ve put in to creating a great user experience does not become jeopardized by third party code. Also making sure, you know, every marketer, at least I hope is held responsible to some degree for generating revenue for the business. And it’s about protecting revenue. Like I use the example earlier of coupon extensions, they can operate on an e-commerce website without that site even allowing them in and there’s a really clear example of how third party code can affect revenue. You know, if you don’t, if you don’t want that extension there, you know, until recently, you didn’t have the ability to control it. And it would just apply coupons and erode your profit margins. So it’s about user experience. It’s about revenue, and it’s about brand. You know, there are many websites that, going back to the example of coupons, you know, luxury websites or websites that don’t want to be seen as discount friendly, for whatever reason. They don’t want coupons showing up all over their site, it attracts the type of buyer that they’re not looking for. And you know, no judgment right or wrong, I love a good bargain. I’m not certainly, you know, saying anything’s bad about that. But these companies just want to be able to have control over their own business and marketing. And unfortunately, in many cases, third party code removes that control. And sometimes it’s pretty egregious, you know, there are extensions that you can put on your computer, that if you go to one website, will pop up and tell you where you can get a better deal on the thing you’re about to buy from a different website. So it’s the equivalent of you owning a store in the real world. And having a customer at your cash register, ready to pay you for something, and somebody walking in the front door of your store, walking up to the customer who’s about to hand you their credit card and saying, “Go down the street, three doors over, you can get that item cheaper,” we would never put up with that in the real world. And I don’t think we should have to put up with it on our websites.
Christian Klepp 18:55
That’s a that’s a fair point. That’s a fair point. And it’s always it’s always good to bring it back to like, a comparison in the offline world if you can, right.
Hey, it’s Christian Klepp here. We’ll get back to the episode in a second. But first, is your brand struggling to cut through the noise? Are you trying to find more effective ways to reach your target audience and boost sales? Are you trying to pivot your business? If so, book a call with EINBLICK Consulting, our experienced consultants will work with you to help your B2B business to succeed and scale. Go to www.einblick.co for more information.
Kathleen, I’d like to get your thoughts on this. You know, there’s an article I read a while back. It was written by McKinsey and it elaborated on some of the things that you already touched on. So the topic was on building security into the customer experience. So it talks about why it’s paramount for companies to secure digital channels against malicious attackers without creating a negative experience for customers, which is always a fine balance right? The article goes on to say like based on the research that they’ve conducted, they’ve identified five steps that will help to create the so called best in class secure customer journey. So I’m just going to read through them. Point number one is composed personas and design appropriate customer journeys. That almost sounds like a given. But…
Kathleen Booth 20:14
Yeah, I was gonna say, I hope every marketer is doing that already.
Christian Klepp 20:18
Check. Alright.
Point number two gets a little bit technical here. So select and apply Customer Identity and Access Management or CIAM controls for prioritized journeys.
Point number three is strike a balance or a reasonable balance between security and the customer experience. So like not going to extreme.
Point number four is integrate design principles within the broader architecture. Again, another one, I would assume, yes, you should take that into consideration.
And point number five, which I think is pretty important too – using robust governance mechanisms to support and secure that customer journey. So what are your thoughts on the above, and you know, what would you add?
Kathleen Booth 21:09
I think I agree with all of it. Interestingly, point number two about I think it’s CIEM, which is that what they’re saying you should have this customer identity or CIAM access management, I believe it was, that’s, I mean, really, that’s a particular solution that they’re promoting through this piece of content. And I think it’s one piece of the broader landscape of digital engagement security. And so you could substitute that out for, you know, a protection against bots and, and extensions on your site, you can substitute it, as you know, a firewall for your website, if you will, or, you know, there’s so many different things, you could kind of plug into that point number two, which is more about tools than it is about kind of the overall approach. But I I think it’s I agree with all of it. Um, I do think it starts with understanding your audience and the journey they’re going to go on, you know, when we talk about digital engagement security, you need to know what those engagements are, and you need to map them out and think about where they could go wrong in order to then secure them. Um, and the thing I would say is missing is, um, let’s see, step two was the CIAM. And then there was there was remind me of what the next ones were because I had…
Christian Klepp 22:23
Yeah, no problem. So CIAM and then the third one was striking a balance between security and the customer experience.
Kathleen Booth 22:32
Yes. Okay, I remember. So absolutely. customer experience and security balancing that is critical, because people are the greatest point of failure. This isn’t what’s missing. But I did want to add this. I used to work in cybersecurity as a head of marketing. And we always said, “every individual person is their own CISO, Chief Information Security Officer,” meaning that you can have all kinds of protections in place. But if somebody finds them cumbersome, they’re going to find a way around them. Right? They’re going to make their own decision about what kind of security measures they need to take, because it’s…
Christian Klepp 23:10
Human nature, right? Like, let’s find the easy way out.
Kathleen Booth 23:12
Oh, yeah. And I was talking about it like how rivers form through mountains, like water looks for the easiest path, and so do people when it comes to cybersecurity. But the thing that I think is missing it from that article is the ongoing monitoring. And maybe this falls under governance, but like, you know, when we talk to customers, oftentimes, the focus on digital engagement security comes up when there’s a problem, right. And the really savvy businesses know there’s a problem, because they’re really looking closely at their analytics. And again, we talked to marketers, and so I’m really thinking here about marketing analytics, you know, and, for example, so our coupon product, people only realize there’s a problem with coupons if a couple of things happen.
Number one, they see a coupon code that they’ve issued all of a sudden spike in usage, which generally means it’s gotten picked up by an extension.
And then number two, if they understand, like, financially, the impact that’s having on their business. And if they also understand how to measure marketing attribution, because there are some misunderstandings about well, I think coupon codes are good for me, or sorry, coupon extensions are good for me. And in some cases, they are, but you really have to understand the multi touch customer journey, and what role extensions play in that in order to truly appreciate whether they’re going to help or hurt you. And so, so having an analytical mindset, keeping a continuous eye in your analytics, and being able to spot those triggers is really important, because even if you haven’t put any digital engagement security in place, that will tell you when you have a problem. Hopefully you’re not waiting until the problem happens to do it. But even once you have a lot of these measures in place, as I said in the very, very beginning, the number of threats the nature of threats, it’s constantly evolving. And so you need to watch closely at every step in the journey, and look for anomalies.
Christian Klepp 25:07
That’s a really good way of putting it like looking for anomalies. So, you know, this is an ongoing threat, or as I, as I said, in a previous interview, it’s a clear and present danger. Right. That’s not something that’s going to go away anytime soon. I think you’re probably right, that monitoring might fall under governance. But governance is not just monitoring, right. Like it’s enforcing, it’s educating, it’s implementing. So it’s a combination of factors.
Kathleen Booth 25:30
And it’s really important. I mean, I don’t think I can underscore enough. A few of the things you just said, I think I already said, once people are the greatest point of vulnerability, like we can have the best policies in the world, we can purchase the best software tools to protect our companies. But at the end of the day, it’s human behavior. That is our that is the thing that will put us at the most risk. And so it starts with education and training for everybody in the company. And a lot of companies are starting to do this now, basic cybersecurity training. But you know, if I had a prediction to make about something that’s going to happen in the next few years, I actually think we’re gonna really see more specialized providers crop up to train marketers in particular, because there are some really different things that we have to deal with. Not just our websites, I mean, I haven’t even touched on it. It could be a whole different podcast, but something called social engineering, which is, you know, the story of when I was head of marketing, and I posted a picture of our CEO at a trade show in Atlanta sitting at the booth, as we always do as marketers, and I tagged him on LinkedIn. And within 15 minutes, the newest employee at our company, got an email, supposedly from the CEO asking him to buy gift cards and sending them to him. And the email said, “I’m in Atlanta, I’m at a trade show, I need you to do this.” Well, how did that happen? That happened, because I posted online his location, his name, the name of the trade show, all somebody had to do was go into our LinkedIn company profile and see who the person was that most recently joined the company. And that’s the easiest person to target. Right? They haven’t been trained yet. And so that’s a whole other area. But like training, that’s something that’s heavily influenced by marketing, we tend to be the ones that broadcast this information out into the world. And it’s not to say we shouldn’t do it. I’m not suggesting we stop posting things like this. But I think we have to understand when we do something like this, what possibilities do we open up for someone who would want to take advantage of our brand? And then what is our responsibility on, you know, internally to protect against that? So do we need to send something out saying never buy a gift card for the CEO unless you talk to him on the phone, or, you know, whatever, whatever it is, but um, but having that training for both the marketing team and the broader company at large, I think is really important.
Christian Klepp 27:47
Absolutely. And, um, yeah, well, I mean, that story in itself, that just drives the point home, right, like, how fast all this stuff can happen, right? And if you’re not careful, that person would have gone and bought those gift cards.
Kathleen Booth 28:02
Oh he did,
Christian Klepp 28:03
Oh he did!
Kathleen Booth 28:04
he lost a lot of money. And the thing is that example I love because the malicious actor, the bad actor, didn’t even have to really be that skilled to pull that one off. Right. You don’t need to know how to code and be a hacker, all you had to do was pay attention to LinkedIn and send an email that looked kind of like an email from somebody in the company.
Christian Klepp 28:27
Pretty easy. Yeah. I don’t really have a comeback for that one. Sometimes, you just learned the hard way right?
Kathleen Booth 28:36
I’m sure it’s a mistake that the person who fell for will never fall for a second time.
Christian Klepp 28:40
No, absolutely not. Absolutely not. Kathleen, I promise you, we’re not going to talk about the pandemic. Alright. But I do want to ask you, and you’ve, you’ve talked about it a little bit, um, you know, just looking back at the landscape, in your specific area of expertise, what are some of the changes that you’ve seen, as a result of like, you know, what’s been going on, and everybody starting to work more and more online? Like, what are some of the changes that you’ve witnessed?
Kathleen Booth 29:10
You know, it’s been really fascinating. And I gave some examples of at our company, how we do help ecommerce brands protect against coupon extensions. Well, the other side of our business, which we started in 2017, is we help very large online publishers prevent something called malvertising, which is malicious ads. So you go on to a website. For example, one of our clients is the Boston Globe. And what you don’t want to do as a user is click an ad and have a big redirect pop up or you’re taken to like a sweepstakes pop up that you can’t get out of or you don’t want to be taken to a landing page that’s trying to enroll you in a Bitcoin scam. This is all terrible user experience, and it also actually hurts the revenue of the publisher. And I won’t go into why but um, but what I was gonna say my observation about sort of what’s happened with the pandemic is, anytime you have big change, like we’ve seen in the last year, it presents an entirely new risk surface.
Kathleen Booth 30:11
And what I mean by that is, for example, with malvertising, all of a sudden, you had whole industries, travel, hospitality that really took a hit right, especially at the beginning of the pandemic. And a lot of them pulled back dramatically on their advertising, for example, you know, hotels weren’t advertising as much because they were shut down. And they knew that that the advertising wasn’t going to pay off for them. And so that void, that big change, what it did was it lowered the CPMs, which is the cost essentially to advertise in those verticals. And that’s when malvertisers stepped in, for example, because they… malvertisers are just basically sophisticated performance marketers who are using programmatic advertising for, for bad ends, essentially. And so they’re opportunistic, they’re looking for an inexpensive way to get in the door and to see big results. And so that kind of a big change, it opened up a new within cybersecurity what’s called an “attack surface”, for advertisers to come into. And we did see that because we track in our platform, data about attacks, and we saw malvertising attack level spike pretty heavily last spring, when the world shut down in certain verticals. In others, it didn’t happen, because, you know, like lifestyle and home things, you know, like home decor, there was still a ton of advertising for that, because people were stuck in their houses, looking at all the you know, the stuff they didn’t like, and buying new stuff. And so the it was fascinating to watch the trends of where these risks popped up. And it was where there was like a vacuum. And I think the same thing happens, you know, in e-commerce in any other area, when it comes to digital engagement security, it’s all about opportunity. And these people are waiting for opportunities. And so what I would say is, let’s not give it to them. You know, I think as marketers, it’s about not sticking your head in the sand. It’s about taking proactive measures to protect your brand before the risk happens.
Christian Klepp 32:14
Exactly. It’s the old. It’s the old prevention before detection at a trade.
Kathleen Booth 32:20
Yeah.
Christian Klepp 32:20
Yeah, exactly. This is the part of the conversation where I mean, it gets pretty passionate. I mean, you’ve, you’ve answered a lot of these questions very passionately. But what’s a commonly held belief in your area of expertise that you strongly disagree with, and why?
Kathleen Booth 32:37
Well, I probably have sort of already answered this, but I want to call it out more directly. And it is that marketers don’t need to have an understanding of or educate themselves about cybersecurity, you know, and just because I don’t call it cyber security, when I talk about digital engagement security, doesn’t mean that, really, we still need to learn about it, we were never taught about it in school, you could major in marketing, and never hear anything about this. You know, if you go through any kind of other professional training program on marketing, probably nobody’s gonna mention it. But we need to take greater ownership, it is a real failing, of the marketing profession, that it has not stepped up and recognized that with all of the money, we’re pouring into websites into other tools that operate on the websites, you know, into tools that hold the personally identifiable information of our customers, it is really a shame that we as an industry, have not stepped up and taking greater ownership over educating ourselves about how to make sure we’re safeguarding all of the information that we hold, and all of the experiences that we’re responsible for protecting
Christian Klepp 33:51
That answer in itself was worth the entire introduced weight and gold. But it’s, you know, it’s to your point. Um, I mean, I didn’t learn about this when I was in university, and I majored in marketing as well. Um, and you know, the old saying is ignorance is bliss, right? Like, people are like, okay, I don’t know about it. I don’t want to know about it. And then somehow the problem gets solved. But that obviously isn’t the case here.
Kathleen Booth 34:17
Well, and I think what’s really scary, is if we wait for our organizations to put this in our job description, or to goal us around it…
Christian Klepp 34:25
Too late.
Kathleen Booth 34:26
It’s going to be too late. And what’s going to happen is something embarrassing, damaging it could be the website gets hacked and taken over, it could be something else, but you know, the very heart of what we are responsible for in our jobs, the brand, the user experience, the revenue, these things are the things that we’re already responsible for and whether you want to recognize it or not. Security plays into that in a big big way.
Christian Klepp 34:57
Absolutely. And they are at risk of getting, you know, for lack of a better description of risk of getting compromised.
Kathleen Booth 35:03
Absolutely.
Christian Klepp 35:04
Yeah. Kathleen, I mean, you know, these are some, like fantastic insights and the super, super informative conversation. Um, you know, please do us the honor of telling us a bit about yourself.
Kathleen Booth 35:16
Oh, boy. So I have a sort of a strange story. I mean, I’ve been in marketing for a long time, I actually spent the first 10 to 15 years of my career not working in marketing, I worked in international development consulting. But I had done I spent a lot of time in school because I didn’t know what I wanted to be when I grew up. So I studied international development. And then I also studied marketing. And so I came out of school with this, this MBA and marketing. And it wasn’t until the tail end of my international development career that I started using it, I was doing more work on strategic communications. So when I decided to get married and have children, and I couldn’t travel around the world anymore, my husband and I started a marketing agency. And it was a great experience 11 years of working with a ton of different brands, you know, in many different industries, B2B, B2C, local, national, international, I loved it. But there did come a time where it made sense for a variety of reasons for me to exit that. And so we sold that company to a friendly competitor. And since then, I’ve been in a variety of basically VP of Marketing roles in-house. Most recently, at a series of B2B technology companies, I love technology. I’ve always loved cybersecurity, I had a lot of cybersecurity clients when I had my agency. And I happen to live very close to the National Security Agency. So there’s a lot of companies in that vertical close to where I live. And so and I think where I am now clean.io, it’s really come full circle, because it’s a company where I get to market to marketers, which is what I’ve done my whole career, and to also deal with cybersecurity, even though we don’t call it that. So kind of married to things that don’t often get found together, which I love. But, uh, that’s sort of who I am professionally. And then outside of work, I host the Inbound Success podcast, which is coming up on its 200th episode. Like really soon. So that’s been exciting. Yeah.
Christian Klepp 37:10
Amazing story, Kathleen, I, you know, I have to say, I think you’re probably the first person that’s told me I live close to the NSA.
Kathleen Booth 37:19
I don’t work there. So I guess I can say that. I probably shouldn’t work there, because I’d have
Christian Klepp 37:25
Probably, probably not. Kathleen, thank you so much. This has been such a great session. And you know, thanks so much for coming on and sharing. What’s the best way for people out there to like, you know, touch base with you, connect with you?
Kathleen Booth 37:39
Absolutely. So you can of course, go to clean.io, which is our company name and our website, and you’ll find more information on me there. Or you can connect with me on LinkedIn. I love LinkedIn. I spend a lot of time there and I will definitely accept your connection request and happy to answer any questions.
Christian Klepp 37:55
Fantastic, Kathleen Booth. This has been an absolute pleasure. Thanks again for your time. So take care. Stay safe and talk to you soon.
Kathleen Booth 38:03
Thanks, Christian.
Christian Klepp 38:04
Bye for now.
Thank you for joining us on this episode of the B2B Marketers on a Mission podcast. To learn more about what we do here at EINBLICK, please visit our website at www.einblick.co and be sure to subscribe to the show on iTunes or your favorite podcast player.