Marketing experts highlight brand lessons in Heartbleed security flaw
- 30 April, 2014 18:07
Branding experts say the decision by security researchers to give the Heartbleed technology security vulnerability a visual brand identity was a clever way of raising its profile globally, and compare its effectiveness to the Y2K millennial bug.
The severe CVE-2014-0160 flaw, which effects software used to secure communications on millions of websites worldwide, was discovered by the security research team at Codenomicon on 3 April. Just days later, the team christened the bug ‘Heartbleed’, designed a logo, and created a dedicated website explaining the seriousness of the issue in general terms, as well as how organisations can deal with it.
Mark Di Somma, a brand strategist with US-based The Blake Project, claimed Heartbleed worked as an identity not just because it was represented by a logo, but because it gave new perspective to an idea.
“Powerful brands work because of how they connect with people,” he told CMO. “Often it’s not the technical specifications of a product or service we are attracted to. Through their naming, their symbolism and the ideas that become associated with them, brands take on meanings that extend beyond functionality. Brands come to represent more than what they are or do.”
Di Somma said most technical bugs fail to engage a wider audience because they are descriptions only relevant to those who understand them.
“Heartbleed’s evocative name describes the havoc this bug can deliver, and pairing that with a distinctive logo [particularly for the tech sector], Codenomicon has given a technical vulnerability a visual signature that many more people now recognise,” he said. “It provokes an emotional response in a sector where emotional responses are rare.”
Dan Ratner, the managing director of Australia-based communications agency, Uberbrand, said the flaw’s strong identity highlights its seriousness, while also delivering Codenomicon the opportunity to raise its business profile. He agreed that as a brand exercise, it achieved what it set out to do.
“The way these flaws are usually defined wouldn’t have got the same cut through, nor can it reflect the seriousness of the vulnerability compared with other ‘CVE’ security issues,” he said. “It doesn’t have sex appeal.
“The team at Codenomicon had to come up with a name and logo to communicate the key message of the issue in a way any layman can understand quickly, which is that this is a serious vulnerability and that something has to be done about it.”
Ratner described the simplified logo as both “sinister and very serious”, and saw the heart iconography as a highly emotive symbol. The bleeding, meanwhile, evokes fears of death.
“Those two elements create such an emotional connection with something that is highly technical, and otherwise has no emotion,” he continued. “What Codenomicon has done is to create a perception around this vulnerability and ultimately that is what brands are: A perception held in the mind of an individual.
“The message being portrayed is more than the name itself, but it’s the name giving us a perception of seriousness and its sinisterness. Your first thought here is that this is something bad.”
Director at Australian branding agency Hulsbosch, Jaid Hulsbosch, believed the Heartbleed brand had panicked online users into action.
“Across the spectrum of businesses, big and small, servers worldwide have been updated automatically or attended to with physical changes to conquer the threat,” he said. “Not since the profile of the Y2K scare, which was a problem that resulted from the practice of abbreviating the calendar year from four-digit year to two digits, has a threat to online security on this scale been such a challenge to everyday lives.
“The name itself is memorable as it resonates with malicious overtones and signals abilities to cripple the unguarded; ultimately gives it huge power. The logo has dramatic personality but hits the design target of simple and clean.”
Di Somma and Ratner pointed out the idea of giving security vulnerabilities is nothing new, and cited the Y2K bug as a great example of where branding had been used effectively for technology crises in the past.
Influenzas also have technical descriptions that make sense to clinicians, but are portrayed to the public as swine flu or bird flu, eliciting emotional responses from humans, Di Somma said. “They make something as abstract as an illness feel much more real and every day. They are also ideas that can be taken up by the media,” he said.
“The surprising and memorable identity of Heartbleed, when paired with the seriousness of the threat, made it news. People then respond to such threats by wanting an answer. By defining CVE-2014-0160 as a danger that people can understand and then solving it, Codenomicon has both highlighted and de-escalated the threat. The group’s brand is now associated with that success.”
In an interview with the <i>Guardian</i> in the UK, Codenomicon CEO, David Chartier, attributed the swift action taken by organisations to address Heartbleed to its memorable name and “cute” logo.
But despite Heartbleed’s resonance, branding experts don’t believe adopting a brand strategy for technology vulnerabilities automatically equals success.
“It’s the messaging which makes up the essence of the brand; that’s what drives the uptake,” Ratner added. “The logo and name provide us with a shortcut to that message of the seriousness of this flaw, and that is what has achieved mass attention and reach.
“Branding shortcuts to a single idea and message are done all the time, and I see this is good old fashioned spin.”