Cyber crime illustration. [Photo/Pinterest]
Publishers, including journalists, are increasingly concerned about their work and sources. Journalists, largely seen as a voice of the people, hold a lot of power. In a time where nearly everything occurs online, journalists sit at the confluence of many cyber threats that are becoming more sophisticated.
One of the greatest threats comes from well-funded cybercrime and cyber espionage groups that will go to great lengths to accomplish their objectives. We have seen in the recent past cyber criminals and cyber espionage groups, releasing or withholding information in a time and manner that is advantageous to them.
For example, the Mexican government is at one time said to have purchased commercial spyware, and used it to target a journalist who exposed the biggest government corruption case to date. These are types of hacking tools coming from well-funded organizations that are used against reporters as a systematic procedure of intimidation and harassment.
On the flip side, there is also the present danger of people impersonating journalists or their sources in order to discredit them and or their publications. These kinds of threats often delivered using stolen information make risk management an important tool.
The first step in protection is to know the risks that exist and how to mitigate them by constantly evaluating and assessing the incentives of any would-be attacker versus your own incentives to, for example, keep something such as news source or a dossier a secret.
Publishers and journalists, in trying to understand and build protection around these risks must ask deep and insightful questions about their security or the teams that manage their security, whether outsourced IT or in-house.
Cybercriminals will always evolve their manner of attacks looking for the weakest link, and which in turn requires you to always evolve your threat monitoring and risk profile. An easier framework for a publisher in managing this is to make an inventory of devices, software and limit people with access to these.
Additionally, a strong cyber-security best practice policy should be put in place with adequate measures to ensure compliance at all times. Simple things, like software updates or equipment upgrades, should not be ignored as they can easily become a vector to you and the organization being compromised.