If you thought managing a media organisation is complex be prepared. It’s highly unlikely that this will become easier in the near future. Media leaders are now confronted with a heap of odd sounding technical terms like “typo squatting“, “spear fishing emails“, “domain masquerading” and many more they quite possibly have never heard of. The sprawling vocabulary is used to describe the growing ways people are now targeted on the Internet.
Thanks to Google’s security researchers, we now know that in the most recent case hackers turned to the Electronic Frontier Foundation, registered and operated electronicfrontierfoundation.org, a site which uses the brand name and which looks like it’s managed by the EFF to abuse people’s trust in the brand and to install malware on visitors’ computers.
In April French TV network TV5Monde became a target of hackers allegedly affiliated with ISIS and went dark. The urgency in this case let the French culture minister to call an urgent meeting of French media groups to assess their vulnerability as Angelique Chrisafis and Samuel Gibbs, both of the Guardian, reported.
But attacks are not limited to domain names, websites or whole TV networks alone. In May the Washington Post became a victim of attacks from hackers supporting the regime of Syrian President Bashar al-Assad who infiltrated their content delivery network provider Instart Logic. The incident came two years after they were targeted as the result of an attack on content recommendation service Outbrain.
Media organizations find help from service providers that have specialized in finding security holes and how to fix them. They carry out planned attacks to identify possible security issues and assist in setting up internal security protocols. Some companies like Recorded Future go as far as using predictive analytics to predict the likelihood of cyber threats.
Media CEOs would be well advised to start thinking about how to address the security threats and what appropriate processes should look like in case such attacks succeed. Would you be able to redirect your visitors to alternative sites? Who’s the contact person at your service provider and who would be available over the holidays, or weekend? How much would a minute cost if your sites or services become unavailable? Do you have customer data at stake?
The potential damage to brands and businesses as a whole can be substantial. The prevention of criminal attacks is as important as having proper means at hand to do damage control. Security measures should also take all ecommerce activities into account and should cover portfolio companies such as start-ups as well.
How prepared are you?
For more on the above:
More like this