If your company is faking this, it could make it a target for hackers

It’s never been more important for brands, companies, and businesses to display a moral code and a sense of ethics. The world is changing in 2020, we can feel it all around us right now, and modern consumers aren’t willing to patronize or spend their money on companies they believe to be corrupt, unethical, or actively polluting the environment.

So, tons of companies have gone to work over the past few years constructing a cleaner, shinier public image for themselves. Just like so many other aspects of the corporate machine, however, many of these campaigns have come across as less than totally genuine. Do most of these companies really care about equal rights for all people, climate change, and cracking down on workplace harassment? Or are they only concerned about portraying an appealing public image?

A fascinating new study from Notre Dame University has a warning for companies who are attempting to appear socially conscious and responsible. Take real action across all areas of your business, because firms that are perceived as faking their ethics are being targeted by hackers.

Considered a fringe problem just a decade or so ago, cybercrime and data breaches have become a big corporate concern over the past few years. Countless major companies, from eBay to LinkedIn, have seen millions of their users’ information compromised due to hacks. 

At first glance, it’s easy to write off these hackers as any other group of criminals looking to make a quick buck, but in many instances, money doesn’t appear to be their main motivation. The well known hacking group Anonymous recently returned to the global stage due to the nationwide protests in response to George Floyd’s murder. Just like how modern consumers have taken on a more ethically responsible mindset, hackers seem to be specifically targeting entities they dislike & believe are deceiving the public.

The study’s authors use recent hacking activities aimed at the World Health Organization as an example. The WHO has been under intense scrutiny regarding its response, or perhaps lack of response, to COVID-19.

“Recent hacking activity, including 25,000 email addresses and passwords allegedly from the National Institutes of Health, WHO, Gates Foundation and others being posted online, is supported by our findings,” comments study author Corey Angst, professor of IT, analytics and operations at Notre Dame’s Mendoza College of Business, in a university release. “What is most surprising is that firms that are ‘bad actors’ regarding corporate social responsibility are generally no more likely to be breached than firms that are good. In fact, the opposite is true.”

As professor Angst mentioned, the research suggests that companies who make no effort to hide or change their poor social ethics are less likely to be hacked than firms putting forth a disingenuous public image. So, if a company is constantly talking about its philanthropic endeavors while still contributing greatly to environmental pollution, that business is at a greater risk of a cyber attack than most of its peers.

“Delving into this latter finding, our results suggest firms that simultaneously have peripheral CSR strengths alongside major concerns in other areas are at increased risk of breach,” professor Angst explains. “This reality for firms with seemingly disingenuous CSR records suggests that ‘greenwashing’ efforts to mask poor social performance make firms attractive targets for security exploitation. Some perpetrators can ‘sniff out’ firms’ attempts to give the appearance of social responsibility, and, consequently, these firms are more often victimized by malicious data breaches.”

Publicly available data on 189 data breaches between 2005 and 2010 were used for this study, in combination with assessments of each of those companies’ corporate social responsibility actions and campaigns.

“Corporate leaders need to understand that hackers are seeing through weak attempts at CSR,” professor Angst concludes. “They are taking matters into their own hands and acting as corporate disciplinarians by breaching the technology infrastructure of firms that they deem to be promoting themselves as good corporate citizens when in fact there are blemishes under the surface. When firms portray themselves as ‘holier-than-thou,’ any small misstep could trigger an attack.”

All in all, it seems the moral of this story is for companies to be sincere when it comes to corporate social responsibility. Regardless of any cyberattacks, an ethical and transparent corporate image is integral to the sustained success of any venture in 2020.

The full study can be found here, published in Information Systems Research.

John Anderer is a frequent contributor for Ladders News.