Why media companies are the next targets for cyber attacks

For many the words ‘cyber attack’ conjures thoughts of digital warfare and nation state attacks. In such instances media companies may not be considered a prime target, yet in recent months we have seen an increasing focus against media organisations.

Where advanced attacks typically focus on compromising high value systems and information what is it that has made media stand out?

The answer is PsyOps or physiological operations, which is the concept of using psychology to influence or induce terror, a concept that has been a doctrine of war for centuries but has fast evolved with surging internet adoption among our urban populations.

Look back over the last 12 months and we have seen the Syrian Electronic Army, ISIL and many others look to leverage online media as a method of getting their message out to the millions of customers that frequent their websites, blogs and feeds for their information fixes.

It is not just about PsyOps though, in recent years we have also seen media companies being targeted for revenge. This often takes the guise of Denial of Service (DoS) or defacement of content – both aimed to disrupt and embarrass. Be it backlash over views of the publishing religious icons in cartoons, views on Wikileaks or conflicting perspectives on current affairs, media companies are becoming a hot target.

A third category of attacks are seemingly driven by political motives such as the recent incident in France, that on initial view looked to be a DDoS attack by the cyber caliphate but on further investigation indicated links to APT28, a group that has Russian links. Attacks such as these aim to contaminate the information pools and ultimately, contaminate the audience’s perception of a situation.

So what can media organisations do to prevent all this when typically when their cyber security budgets do not match up to other industries like finance or energy?

The first step is to realise and accept that media organisations are a viable target and therefore need to prepare to respond. Some media organisations I have previously spoken with have started to look to cyber insurance as a way to help offset the risks and business impact. While it is good tactic and helps manage commercial impact, it does not replace the need to have appropriate policies and procedures in place.

The second step is to always be prepared. We need to come to terms with the fact that whist we continue to put controls in place to stop attackers, if they want to get in, they typically will persist until they succeed.

In a time of crisis, the trick lies in the response plan that covers technical, operational and business areas. Strategising is not enough; organisations need to keep testing the plan just as they do fire drills. Running ‘cyber incident drills’ helps ensure all ends are covered and different teams and people know their roles and responsibilities. The next stage lies in knowing who to call, who the first respondents would be. Having your incident response SLAs / contracts ready can dramatically reduce time to respond.

Third and perhaps most important is to make sure you are getting the best value from your cyber security investments. It is very easy to keep doing the same things we have done for years just because “we have never had a problem” but it need not necessarily be the best approach for the future. Consider investing in newer tools and resources that expedite your ability to detect, block and respond or move to security as a service model that gives access to tools and skills that you simply will not be able to afford traditionally.

Today it typically takes a median of 205 days to discover that you have been compromised and attackers often wait months before launching the attack (tying into geo-political events). So ‘if’ and not ‘when’ an organisation is compromised, a well-defined and tested respond strategy can turn a crisis into a manageable incident, reducing the business impact.

You would not go into war without medical aid, so why do we go into cyber battle without emergency recovery services?