The Funke media group does everything right. She has a security concept from a single source, state-of-the-art cloud security, an IT security company that advises her externally. It even has a CISO, a Chief Information Security Officer, someone who is responsible for ensuring that security remains a priority in management. The only flaw: She only got all of this after she was the victim of a highly embarrassing ransomware attack in December 2020. Shortly before Christmas, criminal hackers managed to encrypt the newspaper’s systems and plunge the media group into chaos. Several newspapers of the group to which the Berlin morning postand WAZ only appear in emergency editions in the days that follow, because layout artists have to completely rebuild the newspaper pages and the files have to be brought to the printers on USB sticks. Working like in the 90s, at Funke Mediengruppe this will be reality again at Christmas 2020.
A wake-up call for all media? Hardly. She’s fighting right now Heilbronner voice with the consequences of an attack, no printed newspaper was published on Monday, and a dpa service provider was also hit. Two years after the incident at Funke, media companies are hardly better protected. Eileen Walther is the German head of Northwave, the IT security company that first cleaned up at Funke and has been providing protection ever since. Things got a little better after 2020, internally at Northwave they talk about the “spark effect”, but IT security in the media is still just as bad overall as in other industries. Editorial offices are, if anything, even more vulnerable to such attacks. Ransomware attackers usually enter the system via infected email attachments. Banning a journalist from clicking on attachments from unknown senders, however, is an almost comical suggestion. Such clicks are part of their core business.
“Prepare for the worst,” says the expert
But it doesn’t always have to be ransomware. Since the start of the Russian war of aggression in Ukraine, so-called DDoS attacks on Ukrainian media have been the order of the day. These overload the websites with thousands of requests and throw them off the net. According to the company Cloudflarethat offers protection against such attacks, the top five most attacked industries there have to do with media production. For the Russian attackers, newspapers, TV stations and radio stations are worthwhile targets in hybrid warfare. When reliable information is hard to come by, the population is more vulnerable to Russian disinformation campaigns.
Ransomware and DDoS are rather crude types of attacks. The hackers behind it are rarely interested in concrete information. They just want to wreak havoc. The case is different in the case of targeted espionage actions, in which the investigative units of the media companies are the focus. Source protection is the most important asset for them, in order to guarantee this, the units often prefer to isolate themselves from the rest of the editorial team.
Northwave expert Walther recommends three main steps to editors who are now a bit interested in cyber security in view of the latest attacks: The media must first consider what their specific risks are, whether on the business or editorial side. Awareness training for employees is just as important. Whether 40 percent of them click on a malicious attachment or just three can make all the difference. Thirdly, she recommends setting up a Security Operation Center (SOC), i.e. employees who research suspicious behavior in the networks. For media companies in particular, it is utopian to keep all attackers out. A simulation game “ransomware attack” could also make sense. Even with good security, something can always go wrong. “Prepare for the worst,” says Walther.