Media and cybersecurity
Like any company, media are targets to cyber-attacks aimed at extorting money, stealing their intellectual property, des personal data, to sabotage them, etc. However, they also face specific dangers as the data they generate and collect may be sensitive and as the confidentiality and credibility they once could guarantee, is now under threats.
The responsibility of the audience
Wether their audience is local, regional or international, media organizations play a major social, political, economical part in their perimeter of influence. They are source of information, entertainment, awareness messages, education… they represent a real power. Also, many media professionals have, individually, an important influence on public debates. Media organizations and professionals thus bear the responsibility of insuring the integrity of their broadcast and the reliability of their content. The threat of using them to get messages through, to manipulate the public, to spread fake news, to hide facts, is as old as their own existence. However, this threat is today multiplied by the connected world they live in and depend on. The pirate, wether he acts on his own or on behalf of a state, a terrorist organization, a group of militants, can, for example, distantly sabotage the broadcast channel of a media, hijack its social media accounts, steal its data, change it, delete it… He can also copy and illegally distribute its production. The cyber-attacks on TV5 and Sony are worldwide famous examples that urge media of any size and activity to reinforce their digital security.
The pirates interest in media organization doesn’t only come from their role as information deliverer and influencers, it also comes from the nature of the data they handle. Media organizations host personal data of a part of their audience enrolled in their interactivity services for example. They also host data on their employees, managers, investors, their address books… But above all, they may host sensitive data that journalists collect when working on investigation cases. Some well financed and very determined actors could carry out complex and sophisticated hacking operations on targeted media organizations to exfiltrate coveted data. In some cases, the use of such data could lead to dramatic consequences like surveillance, repression or even assassination of journalists or activists.
The human at the heart of the system
Media organizations are among companies where there is a high level of human-machine interactions. Yet the computerized and connected newsroom systems and the individual equipment (editing units, mobile journalism units…) lead to numerous entry points, thus to a wider exposition surface to cyber-attacks. When it comes to journalists, obviously the era of smartphone, computers and laptops makes it harder for them to protect their data as they could do with the good old audio recorder and pen. Newsrooms are made of journalists of various generations, the media security depend then on the very diverse levels of awareness and cybersecurity knowledge from one person to another as well as on the existing procedures. A fragility made worse by the race to productivity newsrooms are engaged in as the right business model is, often, not yet found.
The stake of sharing a common cyber-risk culture, to succeed in perceiving it, understanding it and properly reacting to it, is a key stake, especially for media organizations. Raising employees’ awareness, informing them and training them, stand, like in the other « sensitive » industries, as a strategic priority for the years, months, weeks to come.
Human-Chain is the set of Paladax Cyber-Defense services dedicated to raising awareness and training employees so they will adopt the best cybersecurity practices. Thanks to Human-Chain organizations are able to create an HR line of cyber-defense made of people who are aware of the threat, trained and acting responsibly.