Archive for January, 2009

Are Semantic Attacks the Next Level of Cyber Jitters?

During my research on business threats from social media, I found the ENISA (European Network & Information Security Agency) site.  An arm of the EU government, this site provides much interesting information about hardware, software, and network procedural security.  One of the links they provided in the reference section was to the Information Warfare Site. Yes.  I know.  It sounds a bit strange, maybe even pretentious or nerd-like.  Even though it appears that this site hasn’t been updated for a while, they had an interesting idea there about which I’d like to talk.  Excuse me.  I’m not really talking, but you get it.

It’s a “Semantic Attack.”

A brief quote there, by Bruce Schneier,  brought me to the phrase “semantic attack.”  Indeed I had been recently searching my mind for such a phrase because I have become involved in explaining to clients the possibility of business threats which take the form of informational or content alteration, i.e. reality bending, misinformation, disinformation, propaganda, or just out-and-out lying about a company or its products/services.  Quite a mouthful, eh?  That’s why I’ve been looking for a compact term to encapsulate this concept.

See?  Semantic attack is more descriptive, word-efficient, and a lot sexier I might add.  Before he introduced the term “semantic attack,” Bruce’s quote touched on two other types of internet attacks; the kind of which we have been seeing for a while.  All three attack types are as follows:

  • First Wave – Attacks that are targeted at the physical electronics of a computer system, (e.g. overloads).
  • Second Wave – Syntactic attacks, targeting the computer’s operating logic, (e.g. viruses). (Parenthesis mine.)

And the attack type which is the subject of this post:

  • Third Wave – Semantic attacks. “Will target data and it’s meaning. This includes fake press releases, false rumors, manipulated databases. The most severe semantic attacks will be against automatic systems, such as intelligent agents, remote-control devices, etc., that rigidly accept input and have limited ability to evaluate. Semantic attacks are much harder to defend against because they target meaning rather than software flaws. They play on security flaws in people, not in systems. Always remember: amateurs hack systems, professionals hack people.”

Kudos to Bruce’s thoughts.

The Most Insidious of Attacks

Let’s think about this.  Indeed semantic attacks would be the most severe and hardest against which to guard.  (This idea that Bruce touches on relates to one that I explored in a recent post about the “insecurity” that exists when many people admit “friends” or connections into their social networks.) Security flaws in hardware and software can be detected, analyzed, and repaired more easily than flaws in the ways humans handle information.  Humans are imperfect machines, while machines are, well, a little more perfect.  Ironic, isn’t it?  Especially since it is humans who design and build the machines.  But that’s a whole different discussion.

Semantic attacks.  So although this term is not perfect for the concept which I want to communicate, it’s getting close.  To get closer I researched this idea more.

There is a school of thought out there that says that semantic attacks are something a bit different than the concept that Bruce puts forth.  Uh-oh.  Are we getting farther from the definition instead of closer?  :-(   Perhaps.  These definitions of the term “semantic attack” apply to such low-life activity as phishing scams and its accompanying URL modification. Check this link for a reference.  Hmmm.  This is getting farther away from the type of threat that I’m trying to illustrate.  So, to pull this back on point, I’ll differentiate that phishing idea from what I’m trying to communicate.  I’ll change the term slightly.

Instead of “attacks,” I’ll use the term “semantic strikes” to refer to the insidious modification of meaning in an effort, by opposing forces, to alter the image of a company.  Insidious indeed.  Semantic strikes.  So how are these dangerous to a company?  Whether intentional or unintentional, semantic strikes can be used in brand redefinition processes.  Brand redefinition: an alteration of a brand’s image to be other than that as crafted by the brand shop of its owner.

Whose Brand Is It, Anway?

Now, as it’s been said many times, it’s really the consumer/customer who defines the brand long-term.  Their experience with the product or service and the company creates the image of the brand in the mind of each individual.  Collectively, those minds create the brand image.  Ahh, there’s a problem; there’s the basis of a business threat.  The brand reality is scattered out there among many different heads.  And that reality may or may not be the same as that engineered by the brand’s managers, released on the brand’s birthday. So, if the brand reality is diffused; if the brand, in individuals’ minds, means things other than what the company intended, where’s the threat?

The threat is that if the brand image is not unified in the market segment, then management has essentially lost control. Loss of marketing control is not going to look good in the annual report.  But if, as is said about price discrimination (where legal, that is), if the market can be sealed, then there is no threat.  Well today, given social media, the market cannot be sealed against different “realities” of brand image.  And as those different realities get splayed across computer screens around the globe, reality, brand reality that is, begins to change.  Rapidly.

I’ll bet Bruce never envisioned this.  He wrote has his quote about semantic attacks before social media really picked up speed, back there in the Web 1.0 days.

Before social media there was little opportunity for alternate brand realities to congregate, at least in any meaningful way.  The market of minds was effectively “sealed.”  Not so now.  And Bruce’s term of  “semantic attack” was coined long before social media found its legs.  He foresaw the possibility of this happening, but perhaps not the probability.  That probability has increased exponentially with social media.

Perception IS Reality

When that market of minds was essentially sealed, they could only, again in any meaningful way, be penetrated by mass media, “controlled” as many theorize (sometimes “conspiratorially”) by corporate interests, the same interests as those who owned the brands.  But via social media that mind-control, if you will, has been diluted, decreased.  Social media mitigates the effects of mass media on brand image messaging.

Remember the “Telephone Game” when you were a kid?  You’d start a message at the front of a line of kids and relay the message verbally through perhaps 30 or 40 kids.  Each kid got only one chance to whisper the message forward.  By the time the message got to the last kid in the line, the message usually bore little resemblance to the message that started out in the front of the line.  (I used to love that game.)  Well, that, basically, is what can happen to brand images within social media.  The brand message gets altered, rapidly, on a global scale.

Talk about cyber jitters!

Business Threat á la Sui Generis

I’ve been in the business world for a while.  I’ve seen a lot of threats come, get handled, and then go away.  But this one is different, because of the magnitude, because of human nature being what it is.

The measurement in social media of virality, velocity, and veracity is critical now.  Of course, marketers will want to know how far and fast a message spreads.  That was certainly important in the Web 1.0 days, and even prior to those times.  But now with social media, veracity as a critical measurement comes into play.  And its a factor that can not only be unintentionally modified (as in The Telephone Game), but also deliberately altered as in corporate subterfuge.

And you thought brand managers had enough to worry about.

______________________________________________

Did you like this article?  Then Tweet it!  Just click “Share This,” then click “Post,” then click “Twitter.”

Post to Twitter

  • Share/Bookmark

Tags: ,

Is It Real . . . or Is It Fishing?

This post isn’t about phishing; it’s about fishing for information absent the incognito part.

Recently in one of my LinkedIn groups, there was a curious inquiry from a group member.  He was looking for a vendor of competitive intelligence services for online media owners that was based in the U.K.   The request wasn’t more specific than that and being in this business I decided to have a look, a cautious look.

There were three responses, none of them on target but close.  I looked at the name and title(s) of the person posing the question.  My curiosity piqued.  It appeared that the person making the inquiry may have the skills being called for.  I thought, “Is this a genuine inquiry?  Perhaps for a partnership?  Or is this a quick and easy deployment of competitive intelligence to identify potential competitors?”  In other words, was this guy on a fishing trip, wrapping CI with CI?

Here’s the link.  Click.  You be the judge.

Post to Twitter

  • Share/Bookmark

How to Figure Return on Investment for Your Competitor’s Blog – Part 2

In our previous post on this subject, we discussed how you may analyze a return on investment for your competitor’s blog program. This is a competitive intelligence job desired by many companies involved in the corporate blogosphere. The previous post talked about defining the competitive returns. Today, in this post, we’ll discuss the actual investments that the competitor needs to make in order to create and maintain a company blog.

The Investments

Below, in Figure 1, you’ll find the investments that a competitor must make in their corporate blogging program. Now, some folks may read these and think: “Hey, these aren’t investments. These are costs.”

If you find yourself leaning that way, please change your thinking cap now.

They’re investments. Here’s why.

Costs are expenditures made which achieve approximately the same return value in the short run, with no little or no value expected in the long run. Investments are dedications of funds to something where the expectation of return in the long run is in excess of the amount dedicated. In other words, read that as “profit.”

Figure 1

This is what you’ll do when you invest these funds in a corporate blog marketing program; you’ll expect a return over the amount dedicated to the effort. And so will your competitors. After all, they’re not a bunch of fools. If they were, you wouldn’t consider analyzing their blog marketing program.

Let us discuss in more detail the investments that must be made in a corporate blog marketing program.

  • Blogging Platform – This is the software that manages the blogging process. It’s relatively inexpensive. Some of it is even free, although we don’t recommend the free versions.
  • Policy Creation – These are the blogging rules and procedures made by management. Management will consider who will do the blog writing, what the content of the posts will be, when the article posts will be made, how topics for articles will be determined, what needs to be derived from the blog marketing program, and other issues. To make these rules takes time and time, even salaried time, is money that could be used elsewhere. So that money must be apportioned to the blog project expense ledger and regarded as an investment in the blog marketing program.
  • Training – It’s expected that someone other than those who make the blogging rules will carry them out. So, instruction in the policies and procedures determined from the policy creation step will be needed. Again, training takes time. The usage of this time must be credited to the blog marketing program ledger.
  • Employee/Author Writing Time – The explicit price of blogging is fairly low (i.e., software and infrastructure), but, like the policy creation and training steps, writing time is an implicit investment. So, the writing time must be assessed, budgeted and controlled.
  • Legal Review – Company attorneys should be consulted during the Policy Creation step so that rules and procedures may be formed regarding the content of blog articles and copyright issues governing photographs and other intellectual property to be posted on the blog. As we all know, attorneys aren’t cheap, even corporate ones. After all, their time could be applied to other things. So any time that attorneys apply to the blog marketing program must be logged as an investment.

Identifying the Numbers

How are these investment figures identified for your competitor? The amounts of time that the competitor has dedicated to the above tasks may very well have been discussed in the social media. Competitive intelligence from the target blog itself may be available. A good scrape of relevant social media by the competitive intelligence manager may prove beneficial in identifying the number of hours your competitor devoted or, at least, the number of hours devoted by companies similar to your target. Using the latter, of course, would involve an estimate, but that’s why it’s called competitive intelligence and not competitive information. From there it’s a short leap to pair an hourly rate with the time spent, and then it’s just arithmetic.

Short of finding any tidbits about the amount of time devoted to the target blogging program, a reasonable estimate can be derived via a bit of “internal introspection” within your own organization. A few meetings with the appropriate personnel should begin to flesh out some estimates of the amount of hours that would need to be devoted to each of the above tasks. After that, an assignment of hourly rates, then the arithmetic.

The Actual Calculation

Once you’ve determined all your cost reductions for a specific period of time, which is what we blogged about in our other post, these cost reductions become the Returns. To define the return on investment, the ROI, is then just a simple arithmetic matter in which Returns are represented as a percentage of the Investments.

Competitive Returns/Competitive Investments = Competitive ROI

Please note.

The Returns should be calculated for a certain period of time, say one fiscal year.

So within these two posts, we’ve given you a great way to assess the ROI of your competitor’s blog. Certainly there are other methods available, but this one should get you started in the right direction.

Post to Twitter

  • Share/Bookmark

How to Figure Return on Investment for Your Competitor’s Blog – Part 1

It’s no secret that corporations are jumping into blog marketing, some in a fairly big way. As companies devote more resources to their blog marketing program, their opportunities for capturing consumer insights increase directly to the amount of effort devoted.

Competitive Conversation

Blogs, of course, are known for their ability to generate conversations, and conversations among consumers are worth their weight in gold, figuratively speaking certainly as conversations weigh nothing. Traditionally, companies have derived consumer insight from conversations developed in focus groups, and competitors have not been able to eaves drop on those bits of consumer wisdom.

But now, by visiting these corporate blogs, the importance of competitive intelligence may be realized in that you have the ability to “sit in” on these conversations, leveraging your ability to gain strategic insights based on the direction of your competitor’s consumer’s thoughts. Surely, this is not a big secret to those companies already actively engaged in the blogosphere. What might not be realized as readily, however, is the calculable value of the thoughts that consumers share with a competitor. This realization requires an ROI calculation. Return on Investment. ROI. That pesky little concept that keeps poking its head up in meetings, demanding to be recognized, and spoiling all the fun.

Qualitative Evaluation

There are two ways to value the intelligence coming from a review of comments from a competitive blog. One, is to evaluate qualitatively the importance of the competitive intelligence found within the comments.

  • What do consumers say that they like about the competitor’s offerings?
  • What do consumers say that they hate about the competitor’s offerings?
  • What suggestions are they making?
  • What product or service features would they like to see changed?

This list could go on. But the point is clear.

There are many methods of determining the answers to these questions. One of the most efficient would be to use some sort of web monitoring software. However, using that type of analysis would require additional information and much, much more knowledge about the competitor, independent of what is revealed within social media. This qualitative analysis would need to be put into the context of the competitor’s overall business environment and markets. By definition, the introduction of this additional information, from sources other than social media, would preclude a strict ROI calculation from the blog alone.

Yet, this doesn’t mean that a competitive ROI can’t be determined for your competitor’s blog marketing effort.

CIP

Cost-improvement program. CIP. Remember those words from some meeting in which you may not have been paying as close attention as perhaps you should have.

A more straightforward way to determine competitive blog ROI is to analyze how much the competitor can be saving on focus group costs. See the figure below.

Blogs have many goals in consumer marketing, but here we’re going to examine just one. The blog goal to be measured, in this example and as previously mentioned, would be to capture consumer insights, to discover new services/products or to find problems with existing services/products. Competitive intelligence is perfectly positioned to determine the returns gained by the competitor in the pursuit of this blog goal.

The measurement in analyzing the achievement of this goal by your competitor would be to track the number of useful comments garnered by the competitive blog. Now, certainly this is an area where the competitive intelligence function would need assistance from marketing. The marketers, with their experience in focus groups, would be able to separate the “wheat from the chaff” in terms of what is a “useful” comment and what is not.

Once the “wheat” is identified, an assessment can be made as to the cost of focus groups needed to gather the same number, and quality, of consumer comments. Where do you get that basic focus group cost info? From your company’s marketers. Most likely, your company’s focus group cost is about the same as that of your competitor. And that cost, a cost avoidance, a CIP, which we’ll call here the expected return on investment, represents the competitive return on the achievement of the consumer insight goal of the blog.

Okay. That covers half of our equation, the return, to determine a ROI for your competitor’s blog. But what about the other half? The investment? That’ll be the subject of our next post on this subject.

Post to Twitter

  • Share/Bookmark

Business Threats from Social Media – Part 4

In three recent posts, here and here and here, I explored the subject of business threats from social media. In those previous posts I referenced an ENISA (the European Network and Information Security Agency) white paper which outlines general threats from social networks, many of which are of a technical, infrastructure nature.  Yet, many of the threats they outlined were not technically oriented.  It’s those of the latter type that catch my attention.  My interest lies in pointing out the informational, content threats that exist for business in the open forum that is social media. It’s this type of threat that this series of posts is about.

Today’s post references ENISA designated Threat SN.15, Corporate Espionage, summarized on page 4 of the ENISA white paper. Threat SN.15 points out that, in social networks, the nastier among us are trying to carry out what ENISA refers to as “social engineering” attacks.  ENISA defines social engineering as:

A means of attack frequently used by hackers to bypass security mechanisms and access sensitive enterprise data – not by using technology (although technology may be involved), but by using the employees themselves.  Data is often acquired subtly and is gathered gradually piece by piece.

The definition seems a bit thick and academic in style.  I also think that the usage of the term “corporate espionage” is inaccurate.  Corporate espionage refers to an active, covert program to gain critical competitive information.  What ENISA discusses here is certainly an active program, but it is by no means covert.  In fact, if I indeed understand their definition correctly, what they’re talking about is entirely legal.  There is no “cloak and dagger” at all.  ENISA is talking about intelligence exploitation.

Or more accurately let’s call it competitive intelligence, the gathering of critical information that indicates a company’s competitiveness and that is in the public domain.  Some call that domain “open sources.”  Social media gives us intelligence analysts opportunity to mine like never before.  Let’s dig deeper into the ENISA example to see what I mean.

ENISA uses as an example of how sensitive company information may be extracted through use of social networks.  Not through anything like surreptitious interaction, mind you.  But simply by harvesting it.  They give an example of a well-known business social network via which you may gain a look at details on employees, past and present, of a given company.  Here’s a link that demonstrates what they’re talking about (ENISA cites this link in their white paper as reference number 66.)   You should really take a look at this link.  Go ahead.  It’ll pop open in a separate window.

Did you view the link?  Yes?  See what I mean?

Imagine a competitor trying to assemble a company org chart.  This link could be very helpful.  And it’s free.  Right there for the picking.  When I was a young competitive intelligence analyst I would have loved to have such a resource.  I could have gone home a lot earlier every day.

Is your company guilty of this kind of “intelligence gush?”  If so, you best take a hard look at what your employees are doing, lest you make it just too easy for your rivals.

Food for thought.  In future posts, I’ll be exploring more business threats from social media.  Subscribe free to our RSS alert so you won’t miss a post.

_________________

Like this post?  Tweet it! >> “Business Threats from Social Media – Part 4″  http://tinyurl.com/9kw6lx

Post to Twitter

  • Share/Bookmark

Mommy Bloggers Like The Borg?

The Borg from Star Trek that is; not Bjorn Borg that tennis pro from the 70s and 80s.  Whatever happened to him anyway?

In many ways, the Mommybloggers are a lot like The Borg, from Star Trek fame.  In fact this parallel was suggested in a post titled, “The Borg: Mommy Bloggers Assimilate Johnson & Johnson.”  Posted on AuburnMedia.com, on November 17, 2008 right in the middle of the whole Motrin flap, and written by Robert French.  In the article, Robert alludes to the comparison and includes a significant quote from The Borg mind itself.

“Strength is irrelevant, resistance is futile.  We wish to improve ourselves.  We will add your biological and technological distinctiveness to our own.  Your culture will adapt to service ours.

(The bold added was in Robert’s article, btw.)  Your culture will adapt to service ours.  I’ll take it that Robert implies that the “we” are the Mommybloggers while the “you” (implied) are companies from whom the Mommybloggers buy.

Now in a way, the Mommybloggers, if they are to be compared to The Borg, have it right.  Your culture will adapt to service ours.  Business serves the consumer.  Isn’t that the way it was set-up in the first place?  Long ago when the first entrepreneurial Cro-Magnon emerged from a cave somewhere in the south of what is today France, holding in his huge head an idea about an offer that no other Cro-Magnon could refuse, an idea that was intended to serve the betterment of his tribe, wasn’t that the beginning of business?  Yes.  Business was set up that way in the beginning, but somewhere between that cave dweller and here the idea must have gotten misplaced.  Maybe the idea wasn’t as sweet as he thought and he had to add his club into the marketing mix.  I say that only because I recall one of the first lessons I learned in business school, “The purpose of the corporation is to enrich the stockholders.”  And it shows.

So kudos to the Mommybloggers when they hold a corporation’s “feet to the fire” about lousy service or inferior products.  I’m no fan of the selling philosophy of business; the marketing philosophy makes more sense.  And Mommybloggers, as well as other factions, help remind companies of that difference.

But they do themselves, and the rest of us, a disservice when they erupt over small things, like the Motrin incident of November 2008, a flap over a promotional video.  Such protests, which could be regarded as trivial (and in fact by many were), only serve to diminish their authority as a respected power broker against the corporate, take-it-or-leave-it selling philosophy.  When complaining, a well-reasoned, logical argument is more effective than an emotionally charged, mindless, group-think rant.

Now, I’m not saying that Mommybloggers are mindless automatons like The Borg.  (Wait a minute.  Maybe I should say that.  After all, posts of that nature are notorious as link bait and traffic attractors. And they really fill out the comment column, too. :-) )  But I will say this.  Like the fabled Borg, Mommybloggers are a large, unstoppable, inexorable, relentless, overwhelming force furthering their agenda.  They, and many other groups in social media, are a definite threat to the way business has been and continues to be done.  For any business today, they certainly need to be understood.

Post to Twitter

  • Share/Bookmark

Tags: ,

Business Threats from Social Media – Part 3

In two recent posts, here and here, I explored the subject of business threats from social media. In those previous two posts I referenced an ENISA (the European Network and Information Security Agency) white paper which outlines general threats from social networks, most of which are of a technical, infrastructure nature.  Yet, many of the threats they outlined were not technically oriented.  Those are the sort in which I’m most interested.  My interest lies in pointing out the informational, content threats that exist for business in the open forum that is social media. It’s this type of threat that this series of posts is about.

Today’s post references ENISA designated Threat SN.11, Infiltration of Networks, shown on page 4 of the ENISA white paper. Threat SN.11 points out that, in social networks, information is restricted to a member’s group of friends or contacts.  That, says ENISA, is the first line of defense in privacy protection on social networks.  But this line of defense is not fool-proof because members will often accept friend or connection invitations or solicitations from persons known only tangentially and sometimes not at all.  Now for business people, this hole in the system shouldn’t present a major problem, if they watch what they say within the network.  Yet, both you and I know that this is not always the case.  Loose lips sink ships, remember.

Given that humans are human and people make mistakes, even the most careful of us, you as a social network member at some point will likely give up a little kernel of knowledge about your business or about your company.  It might only be a small piece of seemingly inconsequential information; perhaps something like a mention that you are taking a business trip to Albuquerque next week.   Generally most folks aren’t going to care about such banal statements.  Many of us, in fact, consider such statements on social networks as ego gratification which elicit in the minds of many readers the phrase, “Who gives a F?”

But there could very well be, lurking in your “friends” or “connections” list a friend or connection who isn’t who they say.  Think about it.  How easily do you let people into your network?  Would you let them into your house as easily? And when that secret agent sees that you are going to Albuquerque, he or she will put that together with other info about you or your company, drawing more complete competitive conclusions about your rivalry and your company’s strengths and weakenesses.  But Albuquerque?  What does that mean?

Probably nothing to most people.  But for intelligence agents in your industry, let’s just imagine that in Albuquerque resides one of the foremost marketing whizzes in your kind of business.  This guru has the ability to turn lead into gold.  Well, not literally, of course (I think alchemy went extinct in the 15th century :-) ), but you get the idea.  Or maybe in Albuquerque there is headquartered a company creating manufacturing technologies that are years ahead of their time, and can save any company in your industry at least 25% off manufacturing costs annually.  Wouldn’t either of these scenarios be something in which that lurking secret agent would be interested?  The answer is obvious.

So, again food for thought.  In future posts, I’ll be exploring more business threats from social media.  Subscribe free to our RSS alert so you won’t miss a post.

__________

Like this post?  Tweet it! >> “Business Threats from Social Media – Part 3″ http://tinyurl.com/82utbo

Post to Twitter

  • Share/Bookmark

Tags: ,

Get Adobe Flash playerPlugin by wpburn.com wordpress themes