No one in the media industry can afford to overlook the risk of cyberattacks.
From boutique publishing houses and community newspapers right up to major international conglomerates, hackers are targeting media companies of all shapes and sizes.
These online crimes, which IBM defines as “unwelcome attempts to steal, expose, alter, disable or destroy information through unauthorized access to computer systems,” don’t just disrupt business — they can cause huge financial losses. Costs related to cybercrime are increasing 15% annually and are expected to reach $10.5 trillion by 2025.
Worryingly, media organizations are facing more and more cyber threats these days. Macmillan, one of the world’s Big Five publishers, was recently hacked, forcing the company to temporarily close its offices and miss orders. The incident followed the high-profile attacks against Rupert Murdoch’s News Corp, as well as Amedia, which left the Norwegian publisher unable to bring newspapers to print.
Overall, media — including telecom, news outlets, publishers, and movie productions — was the 10th most-attacked industry last year, according to the IBM Security X-Force Threat Intelligence Index.
How are publishers responding?
Unsurprisingly, in response to heightened threats, some organizations are spending heavily to shore up their digital defenses. Cybersecurity spending is projected to reach $101.5 billion by 2025, according to McKinsey & Company.
Many are turning to immutable backup storage: data contained in immutable storage can’t be tampered with, deleted, or modified, thereby reducing the risk of an attack. This is one way to defend against ransomware, a form of malware that holds a victim’s data hostage. “Ransomware hackers know that if you can restore your systems from backups, they are unlikely to be able to extort ransom from you,” one cybersecurity expert tells Digital Journal. The solution is complex but highly effective and worth the investment.
Of course, few — if any — publishers have bottomless resources to throw at the problem. That said, here are two cybersecurity tools that don’t require a team of consultants or a large IT department to implement:
- Multi-factor authentication: Everyone has likely encountered multi-factor authentication at some point. It’s a system that requires users to verify their identity with two or more credentials — like how ATMs require you to insert your debit card and provide a PIN. For a publisher, this could mean requiring users to enter their password and a code sent to their mobile device, so that two separate devices are needed to gain access to a system.
- Anti-malware software: Most online threats stem from malware, which is engineered to destroy or access software systems. It often ends up installed on devices after a user accidentally clicks on a link or file. Cybercriminals often employ phishing attacks, where they pretend to be someone else — like a colleague or bank contact — to get users to engage with phony emails. Anti-malware software is there to detect any malicious software, remove it, and (if possible) repair the damage.
While even relatively simple security improvements can go a long way, it’s important that publishers don’t lose sight of the fact that people are the first, last, and best source of defense against cyberattacks. Serious time and effort should be invested in what we’ll call the human element of cybersecurity.
Why publishers shouldn’t ignore the human element of cybersecurity
82% of data breaches involve a human element, like a user clicking a link in a phishing email, according to the Verizon 2022 Data Breach Investigations Report.
That means building a so-called “digital fence” with tech tools isn’t enough. Publishers also need their employees to be on high alert and practicing good digital hygiene, which encompasses a series of guidelines and best practices. Here are four to keep in mind:
- Use strong passwords with a password manager
- Regularly update software
- Back up devices frequently
- Never click on links or open files unless you are sure of the source
But how do publishers make sure that employees follow all the best practices and exercise caution?
3 steps to take towards a people-first cybersecurity strategy
Prevention is the strongest remedy to cyberattacks, and employees are in a position to act as gatekeepers to systems and data. Accordingly, publishers must invest time and energy to create a people-first cybersecurity strategy.
Here are three steps to creating a people-first cybersecurity strategy:
1. Provide training and resources: A few company-wide emails or a five-minute slideshow aren’t enough — but the extent of the training and resources required varies from case to case. It’s a good idea to target specific security training to high-risk roles, for example. There’s been a 53% increase in the total number of hours that employees spend on cybersecurity training annually since 2019 — but boring training is not effective.
Fortunately, there are ways to counter ideas that employees may have about the training being dull or even a waste of time. “Security awareness training must be compelling and memorable to result in serious change,” according to cybersecurity experts Osterman Research. “Organizations should seek out vendors that offer quizzes, micro-learning experiences and other fun types of gamification that will keep users engaged.”
2. Make sure leadership sets the right example: Management is always setting an example, so publishers need to monitor to ensure that once they’ve issued cybersecurity directives, all levels of employees are engaged. Loyalty is typically compromised when management doesn’t demonstrate the behavior they’re asking of others.
3. Test, test, test: It’s commonplace for IT departments to test software and hardware for vulnerabilities before hackers get the chance to find them. However, it’s at least equally important to test employees as well. For instance, run regular phishing tests to see how different teams perform. Use the results to inform future training sessions and avert future mistakes.
The next step? Don’t let your guard down
At Lineup, we’ve seen first-hand how focusing equally on the technical and the human elements of cybersecurity pays off.
We are constantly introducing new ways to engage and educate our teams on cybersecurity threats, and what they can do to protect against them. In parallel, we continuously innovate in our technical measures, such as the recent introduction of an immutable backup solution to add an extra line of defense for our customers’ data.
Our phish-prone percentage (PPP) at Lineup — a measure of how likely our employees are to click on a suspicious link or email — is 0.5%. The average across all industries and companies? 37.9%, according to the 2020 Phishing by Industry Benchmarking Report.
However, our success doesn’t mean we can rest easy — and neither should publishers. The threat of cyberattacks is ever present, and remember: no matter how well trained your staff is and how up to date your tech is, a cyberattack is only ever one wrong click away.