5 Steps Publishers Should Take To Defend Against and Prevent Cyberattacks

An editor gets an email from a reader with the subject line, “Can’t access your site.”

This happens at nearly the exact same moment a reporter in the field texts their colleague in the newsroom with the words “Homepage is down.”

It won’t take long before staff across the editorial department and beyond start frantically trying to bring their publication up in a browser window. Nothing.

Cyberattacks can strike publishers in a number of ways, but they don’t have to be dramatic. They can happen at all hours of the day, including the moments when a newspaper or magazine is trying to send out its best-performing newsletter or when traffic typically peaks on their homepage.

Some media outlets have seen this happen enough by now that they know what to do. Some news can be sent out via social media services, albeit in bite-sized chunks. News videos can still be uploaded to YouTube. For the most part, through, publishing workflows grind out a halt. “Stop the presses” suddenly takes on a whole new—and more sinister—meaning.

It’s difficult to accurately quantify how often media organizations get hacked, partly because some incidents may go unreported or compromise back-end systems rather than front-end sites. According to research conducted by KonBriefing, however, there were close to 50 cyberattacks on media companies last year.

Some of the incidents affected radio and TV stations, while others were aimed at newspapers and what the research describes as news portals. The U.S. led the globe with the most cyberattacks on news sites, the majority of which happened in April and May. Another study conducted three years ago found the media is twice as susceptible to attacks as all other sectors.

This past February, meanwhile, Lee Enterprises disclosed in a security filing that a cybersecurity incident disrupted operations across its newspaper chain. Several of its publications, including The St. Louis Post-Dispatch, Omaha World-Herald, and Buffalo News, told readers they were dealing with issues affecting electronic versions of the paper as well as subscriber account services.

Why the media lands in cyberattackers’ crosshairs

We tend to think of financial institutions and government portals as the biggest online targets. Yet media organizations are constantly producing valuable data, including interviews and notes with sensitive information about politics, economies, and high-profile celebrities.

Savvy hackers could use the data editors and reporters gather for financial gain, whether they’re selling it on the dark Web or blackmailing those being covered. Manipulating the news or cutting off its distribution could affect stock markets or elections. Cybercriminals may also want to take over a publication’s home page to spread misinformation or create confusion.

Failing to prepare adequately for a cyberattack could mean publishers have to park any plans to innovate how they tell stories while they get their sites back online. It could also exacerbate the high costs of doing business, which they’re trying to keep low, requiring expensive third parties to restore services.

Unless they’ve suffered through an incident, cybersecurity awareness among new outlets may not be that high. The way data is stored and exchanged might be fairly open. Most critically, aging tech infrastructure could leave media organizations more vulnerable to attacks and exploits than those operating in other sectors.

The biggest cybersecurity threats facing media outlets

It’s not easy for anyone to stay on top of the biggest cybersecurity threats. Much like those developing legitimate applications, hackers are constantly working to improve the malicious software, or malware, that infiltrates corporate networks. They are just as eager as anyone to use artificial intelligence (AI) tools to produce more variations of the tools they use to take sites down or cause other damage.

There are three forms of attack in particular that media companies should be trying to avoid:

DDoS

Distributed denial-of-service (DDoS) attacks flood servers with requests until they are completely overwhelmed. One study found the overall volume of DDoS attacks rose 56% in the second half of 2024. Researchers said there was a trend toward shorter but more intense attacks, possibly because this makes DDoS appear like the kind of traffic spike news sites are hoping to see.

Ransomware

Let’s say you’re an editor, logging into your desktop to review an article one last time before hitting publish. Instead, though, your screen shows nothing other than a request to send money in exchange for accessing your system and application. This is ransomware, and it effectively locks you out of the ability to do your job. A recent report found 58% of ransomware attacks forced organizations to halt operations.

Malvertising

Media outlets not only need to build trust in the journalism they produce, but also in the ads they feature on their site. However, malvertising—which can take the form of forced redirects, malicious extensions, and misleading offers, among others—surged 10% in 2024. This can degrade the overall digital experience you’re offering while making it harder to generate much-needed revenue.

Credential stuffing

Audiences share a lot of information with publishers, from their name and email addresses to home addresses and credit card numbers. That makes cracking into their accounts a worthy activity for rogue parties. Credential stuffing attempts to force logins by using a massive number of potential usernames and passwords. Unless your audience has taken care to choose a difficult password, it can be relatively easy to access and steal data. Even large car companies have fallen victim to credential stuffing.

Not all cyberattacks on media outlets come out of nowhere. Publishers also have to be wary of advanced persistent threats (APTs), whereby hackers use an unpatched piece of software to enter the network and then work silently over weeks or months to escalate their privileged access. When this happens, cyberattackers can take over many different aspects of a media organization’s operations.

How media outlets can keep themselves safe from cyberattacks

Threat actors can be relentless, and if you’re drawing an audience, it’s safe to assume your organization may become a target. Mitigate the worst of the risks by:

1. Investing in a tech stack with built-in, proactive security

You don’t want to be in a position where an incident has occurred and you’re charged with making sure it never happens again. That usually means you have to retrofit existing platforms, which gets costly. WordPress VIP has specific features designed to fend off threats like DDoS attacks, so you can deploy it with greater peace of mind.

Just as important, WordPress VIP offers vulnerability management, a set of tools that monitor for potential holes hackers could exploit. This includes analyzing code, conducting penetration tests, activity logging, and identifying common errors like memory leaks or buffer overflows.  

2. Adopt the principle of least privilege

Not everyone needs the same level of permissions to manage your site or see particular files. The principle of least privilege suggests that you think through every member of your team and determine what’s absolutely necessary for their jobs. WordPress VIP assists here by providing granular access controls, allowing you to use multifactor authentication (MFA) that’s stronger than a basic password.

3. Plan for worst-case scenarios

People often don’t picture losing access to their interview notes, or losing the ability to publish content, until it happens. Backup and recovery processes give you recourse to another version of your data in the event it’s compromised—WordPress VIP does this on an hourly basis. You should also talk to trusted partners about how to develop data breach incident response procedures and how they should be involved.

4. Keep your tech stack up to date at all times

Patch management is one of the oldest problems in IT. When staff get busy, it’s easy to forget to install a software update that could prevent a vulnerability from attracting cybercriminals. This includes your CMS, but WordPress VIP customers benefit from automatic WordPress update alerts. It’s a practical approach to cuttiing down on extra hassles for IT teams and makes you that much safer from cyber threats.

5. Upgrade your cybersecurity skill set

It’s not just editors and reporters who need to be in constant learning mode. Developers and others within a publisher’s tech team should ensure that understanding and avoiding cyber risks is a core part of their professional development.

There are a ton of security conferences you can attend. Also consider options like WordPress VIP Learn’s Enterprise WordPress Security course, where in two to five hours you can learn everything you need to protect your news site, your coworkers and your subscribers.Cybersecurity is another example of a subject where publishers may be covering the latest news, but they shouldn’t become the subject of the news. If you don’t want to deal with the cost of downtime and be freer to focus on innovation, strengthening your defences will help you accomplish both.