Why newspapers are affected and what they should do to protect themselves is explained by Rehan Khan of Rabb IT Solutions.
The media industry reacted with great concern to the recent cyber attacks on the Rheinische Post and other well-known German newspapers. The full extent of the attack could be seen in the fact that not only was online content no longer available, but even emergency editions had to be printed.
Journalists work with sensitive data
Media houses are an attractive target for cybercriminals because journalists often work with personal and very sensitive data, which can be manipulated and taken out of context for the purpose of opinion-making as well as blackmail.
The motive for stealing such information is often revenge. In this way, political activists try to steer opinions and compromise political rivals. Another reason why media companies are increasingly coming under the scrutiny of cybercriminals is their complex network, which all too often has significant vulnerabilities. Inadequate IT security is therefore not a real hurdle for hackers.
Effective IT security for media houses
As a first step, network security should be increased. To ensure this, modern firewall systems as well as intrusion detection and intrusion prevention systems should be installed. Such systems control the data flow and detect suspicious data traffic. At this point, users should distinguish between the detection of attacks with the help of intrusion detection systems and the automatic defence against such attacks by implementing intrusion prevention software.
Furthermore, security patches can offer additional protection because they have been programmed by the manufacturers specifically for short-term protection against vulnerabilities in the software. They are quicker and easier to install than ordinary updates and do not require the software to be reset.
Train staff in security
Two-factor authentication and strong passwords also help minimise the risk of attack. These guarantee that only authorised persons have access to confidential data. In addition, all employees who handle sensitive data should receive regular security training to prevent intrusion through dangerous email links and attachments. Many employees are not even aware of the dangers lurking in their inbox.
Some companies are already working successfully with external security auditors who analyse networks, fix loopholes and work with staff to develop an incident response plan. This is used to define responsibilities in the event of an emergency, implement the appropriate measures and take steps to alleviate the situation.
is Managing Director of Rabb IT Solutions GmbH.