What Makes Cybersecurity Events Newsworthy?

There is no one-size-fits-all scenario that turns a cybersecurity breach into an episode worthy of the press. One breach may be newsworthy for one reason, and a similar breach may be newsworthy for a completely different reason. Being exposed for having inadequate cybersecurity controls is something all business owners hope to avoid, so let’s explore ways we can stay out of the news by determining what makes certain cybersecurity events more newsworthy than others.

Who discovers the breach

Who discovers a cybersecurity breach can significantly impact just how much attention the incident gets from the public. It should come as no surprise that having a person external to the organization discover the breach can make the event much more newsworthy than it would have been otherwise. And unfortunately, the stats are against us – 25% of cyber hacks are discovered by third parties.

For example, in 2014, a cybersecurity expert and blogger named Brian Krebs discovered that a group of credit cards for sale on the dark web originated from the same place: Home Depot. His discovery set off a full-blown investigation that confirmed there was a months-long security breach in Home Depot’s payment systems. Since Home Depot did not make this discovery on its own, it was clear that its safeguards and detection methods were inadequate. More importantly, they were unable to control the narrative of the breach. In our article called Cybersecurity Breach 101, we discuss how important it is to take control of the message in the aftermath of a breach.

Nature of the exposed data

Reports of stolen credit cards rarely give us pause like they used to. Nowadays, society is much more interested in hearing about cybersecurity breaches that result in the loss of personal data – data like medical histories, confidential member lists, information about a political figure’s past dealings, or most importantly, your own personal information, including addresses, phone numbers, social security number, emails and birth date. Very often, cyber hacks become newsworthy simply because the exposed data is of public interest.

Method of exploit

The method of exploit can make a run-of-the-mill network hack much more interesting to the public. In 2014, hackers used stolen network permissions to take credit card information from over 40 million Target shoppers. Whose network permissions did they use? Those of Target’s HVAC contractor. Credit card theft does not always hit the top of the newsreel, but this incident made the news in part because of how the hackers infiltrated the system.

The threat actor

Who the hacker is can make a cybersecurity breach worthy of the press. If a nation state is thought to be behind an attack, the incident automatically gets bumped up a few notches, especially if that nation state is stealing intellectual property. In 2016, China revealed a new warship to their fleet that was presumed to be designed from stolen US Military blueprints. This story gained interest and publicity because it was determined that the Chinese government was behind the theft – Chinese officials worked with a Chinese national living in Vancouver to gain control of these documents.

The duration of the incident

The longer an incident goes on, the more newsworthy it becomes. For example, the Yahoo breach that affected 3 million of its users had been going on for years before it was revealed to the public. The breach only came to light in 2016 when the company was considering a merger. When the incident lasts for such a long time, the customers lose faith in the company’s leaders, and the company forfeits their right to control how the message is received. Further, the impacted users increased from one million to three million users in 2017, creating additional negative publicity for Yahoo related to both the original breach and the failure to determine the exposure.

Level of negligence involved

If a security breach is due to a company’s poor controls, the media will be quick to pick up the story. This negligence can lose customers, but it can also affect the ability to collect an insurance payout – if a company is proven to have acted negligently (such as not having protections installed on company-provided mobile devices, or not having secure networking channels), they may not be eligible to collect cyber-insurance proceeds.

Other newsworthy items that are a by-product of a breach include the departure or removal of key IT executives (CIO, CISO, etc), lawsuits against the impacted company, and, in some cases, the turnover of board members and other company executives.

This is our final article on cybersecurity in recognition of National Cyber Security Awareness Month. New cybersecurity threats are inevitable, the question is how resilient will your company be when one occurs? How well are you prepared to prevent, detect, mitigate and take ownership of the message? Contact your Weaver IT Advisory team as you have cybersecurity concerns throughout the year – we can help you formulate a plan to mitigate your security risks.