How Publishers Can Reduce the Risk of Cyberattacks

Profero's Carl Breindel outlines the key steps publishers must take now to mitigate risk.

Jun 04, 2025

Cyberattacks are a regular and growing threat to publishers. Incidents can shut down entire systems, compromise sensitive data, impact revenues, and erode trust with both readers and stakeholders. Yet many newsrooms operate with ageing infrastructure, limited IT support, and informal digital practices—all of which increase the likelihood and impact of a breach.

Why Publishers Are at Risk

Publishers are highly visible, manage large volumes of valuable data, and often lack the resources to maintain robust digital security. Their operations depend on a complex web of systems—websites, content platforms, subscriber databases, payment infrastructure, and internal communication tools—many of which are interconnected and reliant on third-party providers.

Journalists and editorial teams are frequently remote, using personal devices and consumer apps to file stories and share information. This informal and decentralised environment—often referred to as “shadow IT”—expands the attack surface and reduces oversight.

Many publishers also depend on legacy systems not designed to withstand today’s threat landscape. This combination of visibility, complexity and resource constraints creates vulnerabilities that attackers can and do exploit.

Real-World Consequences

Recent incidents across the industry show how serious and varied these attacks can be:

Lee Enterprises, a major US regional publisher, suffered a ransomware attack in February 2025. The incident disrupted publication schedules, delayed vendor payments, and took core systems offline for more than a week. The company spent $2M on ransomware recovery.
Kadokawa, a Japanese media group, was forced to take its Niconico video platform offline in June 2024 after a cyber breach. The attack exposed data from over 250,000 users, suspended programming for several weeks, and triggered a sharp fall in the company’s share price.
The Guardian was hit by a ransomware attack in 2022 that forced office closures, disrupted payroll, and led to the exposure of sensitive staff information.
News Corp discovered that state-sponsored hackers had maintained unauthorised access to internal emails and documents for nearly two years, compromising confidential communications across its global operations.
Amedia, one of Norway’s largest publishers, suspended both print and digital services after a 2021 cyberattack. While backups existed, recovery was delayed due to poor preparation and implementation.
The New York Times reported cyber intrusion attempts on its Moscow bureau in 2016. The FBI later linked the activity to groups engaged in broader political interference campaigns.

These examples span different geographies and attack types—from ransomware and surveillance to data theft and infrastructure disruption. What they share is the scale of the operational and reputational damage they caused.

Practical Steps Publishers Can Take

Cyber threats cannot be eliminated entirely, but their impact can be significantly reduced through targeted planning and sensible investment. Based on Profero’s work across the media sector, the following actions offer a strong starting point:

* Implement a Robust Backup System

A strong backup solution is crucial. Backups should be stored off-site or in the cloud and protected with robust authentication measures. This ensures that even if a publisher is compromised, attackers cannot corrupt the backups.

* Enhance Access Security with MFA and VPNs

Implementing Multi-Factor Authentication (MFA) across all accounts and requiring the use of a Virtual Private Network (VPN) for accessing company systems can significantly lower the risk of attacks. For instance, if an employee's Microsoft credentials are compromised through phishing, requiring VPN access (when the IP address does not match) can prevent the attacker from gaining entry, effectively blocking a critical attack vector that many companies still face.

* Mitigate Phishing Risks

Phishing remains a leading cause of breaches. While completely eliminating phishing is impossible, companies can implement measures to minimise the risk of phishing emails reaching employees and reduce the impact should credentials be stolen. Numerous products integrate with email systems like Outlook and Gmail to protect against phishing, serving as an effective first line of defense.

* Monitor Credentials

Over the past year, many incidents have originated from leaked credentials, often resulting from credential stealers on personal devices. Once attackers obtain these credentials, they attempt to log into company accounts. Organisations can use services from various vendors to monitor for leaked user credentials associated with their domains. Profero offers a similar service as part of our credential monitoring solutions.

The Cost of Delay

Bottom Line: Every publisher is a potential target. Attacks can be opportunistic or carefully planned, driven by financial motives, ideology, or geopolitical agendas. The longer organisations wait to strengthen their defenses, the more likely it is that they will face disruption or loss.

Investing in practical safeguards—secure backups, MFA, credential monitoring, and incident planning—won’t stop every threat. But it will help contain breaches, protect essential systems, and preserve your ability to publish during a crisis.

For publishers, the objective isn’t perfection. It’s preparation.

Carl Breindel Incident Responder at Profero

About: Profero is a cybersecurity company specializing in readiness and incident response. After handling hundreds of incidents globally, we developed the Rapid-IR platform, which combines intelligence, readiness, discovery, and response into a single subscription. With a 20-minute response time and ongoing assessments, we enable organizations to become breach-ready. Want to learn more about how we can help you become breach-ready? Just email us: contact@profero.io