WPP Cyberattack Serves as a Wake-Up Call to Agencies and CMOs Alike

Security experts say marketers must get involved

Many offices are still suffering through server difficulties today.
Getty Images

More than 24 hours after news broke that a ransomware attack had effectively disabled the world’s largest advertising company, WPP has yet to fully recover.

Several hours ago, the company issued a statement acknowledging that the incident is ongoing.

According to multiple WPP employees who spoke to Adweek, staff at various offices left work early yesterday due to an inability to access their networks. And while Macs were unaffected, all who use the Windows operating system continued to experience server issues today.

Sorrell reassures staff as rivals debate next steps

“Many of you will have experienced significant disruption to your work. However, contrary to some press reports, WPP and its companies are still very much open for business,” read last night’s internal memo attributed to chairman Martin Sorrell. “We are a group packed full of highly creative, ingenious and dedicated people. I urge you all to put those qualities to use in making sure that what our clients experience in the hours and days ahead is as close to business as usual as we can possibly manage.”

"Marketing and security are going to have to converge in some meaningful way, because these things affect customer experiences."
Steven Wolfe Pereira, Neustar

Meanwhile, observers around the industry speculated about the implications of what appeared to be a chance encounter between WPP and a group of still-unknown hackers seeking to indiscriminately cripple businesses in the interest of short-term monetary gains.

Spokespeople for WPP’s chief competitors Omnicom, Publicis Groupe and IPG declined to comment on the news. But privately, many wondered whether the security systems that these huge networks currently have in place could have prevented such an incident—and how they should proceed in addressing a long-simmering threat that became very real this week.

“Over the last 24 hours, my inbox has been blowing up with messages from recruiters,” said Tom Pageler, chief risk officer and chief information security officer at Neustar, a company that specializes in risk management and related services. He added that one “very large” company had reached out regarding what it called an “urgent position” managing data security.

“The industry realizes that they’re really not where they need to be,” he said. “When you see recruiting efforts pick up, you know it’s really bad.”

An industry caught unprepared

Experts have now determined that the attack was a variation on May’s WannaCry, which also targeted Windows systems and demanded payment in bitcoin form. Despite a series of “patches” developed by Microsoft in March, both that attack and the one that hit this week did significant damage to a number of businesses and government organizations.

“Enterprises are clearly not prioritizing patches effectively,” said Forrester senior analyst Josh Zelonis in summing up his key takeaway. “While some organizations may have situations where they are unable to patch, that excuse doesn’t scale when you get a worm causing damage on this level.”

“WPP got hit because they’re so large and they have a presence in Ukraine,” said Pageler, who formerly led cyber security and fraud initiatives at JPMorgan Chase. “Ransomware is definitely here to stay,” he added, citing a dramatic growth in such attacks over the past two years.

“There’s no way to anticipate what the next attack is going to be. Marketing and security are going to have to converge in some meaningful way, because these things affect customer experiences,” said Neustar chief marketing and communications officer Steven Wolfe Pereira.

Time for marketers to step up

Agencies are not unaware of this fact. In recent years, many of the largest networks have built internal security teams equipped to deploy their own patches and hired third-party firms to test their systems by sending fake scam emails in an attempt to better gauge internal readiness. But Pageler said such wide-scale defensive measures can prove difficult within organizations as large and widespread as WPP, and other holding company sources agree that there is simply no way to know whether their own systems could have prevented what happened this week. One particularly frightening aspect of the WannaCry virus model is that it can affect fully patched systems once it gains access to the larger network.