A virtual Swiss Guard

When the Vatican fell victim to an online attack, the event served to raise awareness over issues of cyber security.



Last year witnessed the highest level yet recorded of significant hacking attempts against organisational networks, according to a report by Infosecurity Europe and Computer Weekly (Information Security Breaches Survey, 2012).

It's easy to understand why the sheer drama of secretive groups of ‘hacktivists’ waging guerrilla warfare on formidable organisations is so appealing to the media: the clash of David and Goliath is a perennial favourite, and the stated aims and motivations of the hackers are often socially motivated.

What receives less attention, however, is the problem of shoring up your defences against the threat of attack. Organisations large and small are at risk, and one media campaign took on the challenge of educating the public about the how and why of online security.

Breaching powerful defences

In August 2011, a European client of US-based data security company Imperva was the target of an unsuccessful attack by online hacker group Anonymous. This decentralised network of cyber-vigilantes have an impressive track record of online interventions: defending fileshare sites, attacking government websites, supporting the Occupy movement, and targeting wrong-doers. Ther target this time was one of their most ambitious yet. Although Imperva have been carful in not confirming the identity of the target, neither then nor now, in February 2012 the New York Times identified the target as none other than the Vatican: “The elusive hacker movement known as Anonymous has carried out internet attacks on well-known organisations like Sony and PBS. In August, the group went after its most prominent target yet: the Vatican.” (‘In Attack on Vatican Web Site, a Glimpse of Hackers’ Tactics’, February 26, 2012). Regardless of the secrecy involved, this Anonymous attack on an anonymous client proved to be the ideal opportunity to raise the visibility of Imperva’s services throughout 2012 and position it as the go-to cyber defence expert, as well as bringing issues of online security out into the open.

The media buzz around Anonymous attacks had already been identified by Lewis PR as a suitable starting-point for Imperva’s media outreach in European markets, and, actively encouraged by the targeted organisation, this latest attack was used as the basis for a communication campaign for the benefit of media in Germany and beyond. Due to a number of data leaks at high-profile organisations, the German media were newly interested in stories around hacking and data loss.

Together with Lewis PR, Imperva drew up a detailed report exploring issues such as the psychology of hackers and the urgency of cyber security. Extracting a compelling narrative from potentially dry technological details was the first challenge to overcome. According to Ronny Winkler, managing director of Lewis PR in Germany, the aim was to “tell the story in a way that encouraged the media and put them in the right direction to start researching and finding out what’s going on behind the scenes.”

Too little, too late?

Having set the groundwork by highlighting the threat of hacking, the media campaign then positioned Imperva as a leader in the field of data security, being the expert that identified and analysed the attack and which could protect its customers. Barry Shteiman, senior security strategist at Imperva, explained to Communication Director just how formidable is the threat represented by hackers: “Organisations don’t understand that a lot of the approaches they use for security today don’t work,” says Shteiman. “Hackers are by definition innovators and early adopters, they look for ways around what you have in place today. So it was important to get people to start thinking about new, more modern techniques for defence.”

For Shteiman, the main obstacle preventing organisations from successfully defending themselves against hackers is their own complacency. “It’s quite simple”, he says. “(Organisations) don’t do anything until they’ve been breached. They always think they’re secure until there’s a problem. A lot of companies don’t ask the question, “What are hackers doing tomorrow that will affect me?” So they just wait until something bad happens and then make changes, instead of being proactive.”

Out in the open

Another challenge that the media campaign had to overcome was the fact that Lewis PR was not allowed to disclose the target organisation. “Every PR professional perfectly knows how difficult it is to get media listen to a story without putting all the cards on the table,” Winkler told Communication Director. In addition to the main case story, Imperva’s media blitz also drew on other relevant stories, including the group’s recruiting campaign in Germany, several stories on hacker group LulzSec and blogs and infographics on industrial hacking.

Once these stories had succeeded in capturing media attention, Imperva followed through with hard data, presenting a survey that analysed a hacker forum with 220,000 members, providing insight into hacker psychology and strategy and shedding new light on how hackers operate. The results were announced at a press tour. Stories referenced Imperva technology to provide a sales hook. Among the campaign’s results were 240 articles in business, national and information technology titles, including Handelsblatt, FAZ, Silicon.de, Focus and Computerwoche.

Generating buzz

Another sign of just how successful Lewis PR was in identifying Imperva with online security was that over 50 publications in Germany called Imperva the ‘company that identified LulSec’. Winkler acknowledges “That is not absolutely correct, and neither we nor Imperva communicated that directly, but it is a good indicator for the high profile that Imperva gained.”  Following through on this media splash, Lewis PR are in frequent contact with Barry Shteiman and Imperva, updating him on the important stories and topics that journalists might be interested in and organising press tours for Imperva once or twice a year.

For Shteiman, this media campaign “definitely lifted our notoriety. It helped to expose to enterprises how they need to adjust their security approaches and changed the dialogue around what’s the right approach to security.” And some final advice from Imperva to anyone concerned about the sisues raised? “It’s time to rebalance your security portfolio.”

Expert Opinions

"Is the value of your product not apparent at first sight? Do ‘non-technical’ people find it difficult to understand its necessity? Does the client not want to be mentioned? When all three are the case, the biggest challenge is finding the right balance between tech-talk and a compelling story that does not leave your audience behind. A possible crisis can then suddenly become an opportunity to reach the masses. Positioning Imperva as a protector of data by creating an image of a ‘virtual Swiss Guard’ was very smart. A highly venerable symbol such as the Swiss Guard automatically implies trustworthiness. Furthermore it immediately projects a clear understanding in everyone’s head, independent of your knowledge of online security. Once the attention of the business media was attracted and the issue put under media focus, general awareness could be raised by using several channels. Providing a detailed report on hacker psychology and strategy, being present in social media and informing the public with monthly reports gave the company a clear profile as a reliable guide. And the response proves that the strategy was correct: a great deal of attention to online security, numerous mentions in well known publications, and most importantly, being regarded as security expert. This incident serves to illustrate that recognising the opportunity to develop a story quickly is one thing: you must deliver what you promise."

Zeynep Balioglu, Head of Online Communications, Infineon Technologies

"In my opinion one of the major success factors of this campaign was timing. As most of us know, timing is everything in communication. Timing can make or break the effectiveness of a communication process, especially in campaigns. Your message may be important, but if it is delivered too late, it will be irrelevant. Likewise, if you try to deliver a message at a time that the audience is not receptive, your efforts may be wasted. Imperva and Lewis PR saw an opportunity when German media became fascinated by hacking stories and immediately jumped on the bandwagon. By pitching blog posts, responding to breaking stories around hacker groups and using smart infographics, Imperva was on the tip of their target audience’s tongue. This might  sound easy but can only be achieved with the right tone, right words and right timing for the right audience and via the right communication channels. The positioning of Imperva as the ‘virtual Swiss Guard’ was another key factor to the campaign success. In their detailed report that summarises the hacking attack on the Vatican, they could only refer to their principal as ‘a client’. However, by stating that Imperva was a virtual Swiss Guard, their target audience – who had heard rumours – immediately associated the report to The Vatican.  Anything regarding the Vatican is popular to write about, so the report was widely spread and read by many business decision makers, thus positioning Imperva as frontrunner of online security systems."

Thomas Blom, Webmanager, TNO