News reports yesterday that the New York Timesand other news organizations were attacked by hackers should not only come as no surprise, but industry insiders believe news organizations should prepare to be struck again in the future.
The huge amount of confidential data the media stores makes for a tempting target for hackers interested in either learning more about the inner workings of American politics or to possibly influence the upcoming election cycle, security pros said, adding that the media has been a target in the past and will likely remain a target.
“Hackers have been going after the press the whole time… It’s only now that either
a) they’ve become more focused,
b) they’ve been more successful, or
c) we’ve figured out how to catch them in the act. I suspect it’s a combination of all three,” Casey Ellis, CEO and founder of Bugcrowd, told SCMagazine.com in an email.
The New York Times confirmed that an attempted cyberattack targeted the company’s Moscow bureau, but said there is no evidence it was successful. The FBI is investigating the attack and the possible connection that Russian intelligence sources may be the perpetrator of the attack.
Jack Danahy, CTO and co-founder of Barkly, told SCMagazine.com by email that the Times had previously been victimized by hackers in 2012 and this probably helped better prepare the company to deal with cybersecurity issues today.
This week’s incident should also be a warning to news organizations and other groups that also harbor critical information on the nation’s political process.
“Everyone in Washington – from think tanks, news organizations to nonprofit groups – need to take a good look at their networks to determine, first, if they have been breached and, two, what parts of their network are still vulnerable. This includes not just ensuring that the perimeter is protected, but so is their sensitive data,” said Vishal Gupta, CEO of Seclore, in an email to SCMagazine.com.
“Looking forward, organizations must plan for breach attempts as a certainty and reinforce their strategies to resist and to react,” Danahy said.
Lynn Walsh, incoming president of the Society of Professional Journalists, noted many journalists already use various methods to secure their data, such as encryption, but may have to do more in the future.
“I think bigger hacks to major news organizations will make news organizations take a hard look at their security and their information sharing policies,” Walsh told SCMagazine.com, adding that if the hackers do reveal the information uncovered it could have a detrimental impact on journalism.
“I do worry that people may see these hacks and be uncomfortable or afraid to come forward with important stories and information. This could then hinder a journalists ability to share information with the public and expose wrongdoing, hurting society,” she said.
The Times case follows closely on the heels of the Shadow Brokers posting NSA hacking tools online and the release of information pulled from the Democratic National Committee. These hacks have also been linked to Russian-based groups by many security experts.