Light Dark
November 8, 2022 By Josh Nadeau 4 min read
Data Protection

In recent years, many high-profile companies have suffered destructive cybersecurity breaches. These public-facing assaults cost organizations millions of dollars in minutes, from stock prices to media partnerships.

Fast Company, Rockstar, Uber, Apple and more have all been victims of these costly and embarrassing attacks. The total average cost of a data breach has increased by 2.6% since 2021 and is now $4.35 million. Organizations that don’t deploy zero trust security models also incur an average of $1 million more in breach costs than other companies that have.

In addition to the monetary loss, the damage to a company’s reputation can be equally devastating. Consumer confidence in the safety of future purchases is often shaken after well-known brands are breached.

How can public-facing businesses prevent or reduce such catastrophes? The key is understanding the vulnerabilities media companies face, and how Privileged Access Management and zero trust policies can help protect them.

The latest surge in high profile attacks

As businesses expand their digital footprints, they become more susceptible to cyberattacks. In the last few years, we’ve seen a surge in sophisticated attacks on high-profile companies.

In September 2022, Fast Company’s Apple News partnership was disrupted by a malicious attack that posted an inappropriate comment on one of its articles. Though administrators quickly removed the comment, this security breach cost Apple and Fast Company dearly in terms of reputation and trust.

A few weeks prior, Rockstar Games confirmed that a threat actor had broken into its systems and stolen confidential internal data. While these attacks typically focus on stealing proprietary gaming information, they often impose collateral damage on users and their confidential data.

Uber was another victim of a major public-facing assault in September when its computer network was attacked. This prompted the firm to suspend many of its internal communications and engineering systems as it investigated the breadth of the break-in. The intruder maintained that they obtained access to company systems by targeting a single employee with multiple-factor authentication login alerts.

Each of these attacks had significant impacts, from direct financial losses to damaged reputations. These companies are not alone, however. Many others have experienced similar public breaches with substantial repercussions, and the trend is rising.

Assessing risk for public-facing companies

To effectively protect themselves, businesses need to understand the vulnerabilities that make them susceptible to public-facing attacks. There are a few key areas that tend to be weak spots for many companies:

Extensive digital footprints

As organizations scale up their online presence, they leave a larger digital footprint. These footprints are necessary for businesses to expand their customer base and build their brand. However, they also make it easier for cyber criminals to find entry points into company systems.

Another danger of an extensive digital footprint is that companies often have confidential data spread across numerous systems and locations. This can make it difficult to keep track of data and ensure it is properly secured.

Highly public personas

Threat actors often target companies with high-profile executives or public-facing personas. This is because these companies tend to be in the news frequently and have a lot of visibility. As a result, cyber criminals may see them as easy targets to make a quick name for themselves or damage the company’s reputation.

As companies gain more media attention, they may be more vocal about their political or social views. Attackers who disagree with their perspective may choose to target them to make a highly visible statement. As such, companies must know the risks of being in the public eye and take steps to protect themselves.

A large number of employees

Larger, more successful companies often have a vast number of employees spread across the globe. This makes it difficult to track all company activity and makes it more likely that someone will make a mistake that an attacker can exploit.

In addition, companies with a large number of employees often have more turnover. This can cause lapses in security, as new employees are not properly trained on company policies or are unaware of the risks of sharing confidential data.

Implementing lessons from privileged access management and zero trust policies

Given the vulnerabilities that public-facing companies face, it’s clear that they need to take extra measures to protect themselves. One way to do this is to implement lessons from Privileged Access Management and zero trust policies.

Privileged access management

Privileged access management is the practice of granting employees access to only the systems and data they need to do their jobs. This includes creating different levels of access so that more sensitive data is only accessible to a small group of people, as well as regularly auditing who has access to what.

This practice can be applied to media companies in a few different ways. First, they can limit access to sensitive data and materials to only a small group of people. Second, they can create different levels of access for employees, depending on their role within the company. For example, someone in the marketing department may only need access to the company’s social media accounts, while someone in the IT department may need access to more sensitive data.

Zero trust policies

Zero trust policies are a security architecture that prioritizes security over convenience. They maintain that employees should not be granted access to data simply because they are part of the company. Instead, employees should be given access only after they have been verified and their identity has been confirmed.

This approach differs from traditional security models, which often rely on pre-defined trust levels. These trust levels can be based on things like job title or department, which can lead to risky behavior as employees may feel that they don’t need to be as careful with confidential data since they have been given permission to access it.

Both Privileged Access Management and zero trust policies can have a significant impact on the security of public-facing companies. By strictly limiting access to sensitive data and materials and verifying employees’ identities before granting them access, these policies can help prevent or mitigate the damage caused by cyberattacks.

Simple steps for protection

Companies in the public eye need to be aware of the unique risks they face. From increased media exposure to a large workforce, these companies have much to consider regarding security.

Fortunately, there are steps that companies can take to protect themselves. By implementing lessons from Privileged Access Management and zero trust policies, companies can limit their attack surface while hardening their defenses against potential threats.

 |  |  |  |  |  |  |  |  |  | 
Josh Nadeau
Cybersecurity Writer

More from Data Protection
November 2, 2023

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 25, 2023

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature