November 8, 2022 By Josh Nadeau 4 min read

In recent years, many high-profile companies have suffered destructive cybersecurity breaches. These public-facing assaults cost organizations millions of dollars in minutes, from stock prices to media partnerships.

Fast Company, Rockstar, Uber, Apple and more have all been victims of these costly and embarrassing attacks. The total average cost of a data breach has increased by 2.6% since 2021 and is now $4.35 million. Organizations that don’t deploy zero trust security models also incur an average of $1 million more in breach costs than other companies that have.

In addition to the monetary loss, the damage to a company’s reputation can be equally devastating. Consumer confidence in the safety of future purchases is often shaken after well-known brands are breached.

How can public-facing businesses prevent or reduce such catastrophes? The key is understanding the vulnerabilities media companies face, and how Privileged Access Management and zero trust policies can help protect them.

The latest surge in high profile attacks

As businesses expand their digital footprints, they become more susceptible to cyberattacks. In the last few years, we’ve seen a surge in sophisticated attacks on high-profile companies.

In September 2022, Fast Company’s Apple News partnership was disrupted by a malicious attack that posted an inappropriate comment on one of its articles. Though administrators quickly removed the comment, this security breach cost Apple and Fast Company dearly in terms of reputation and trust.

A few weeks prior, Rockstar Games confirmed that a threat actor had broken into its systems and stolen confidential internal data. While these attacks typically focus on stealing proprietary gaming information, they often impose collateral damage on users and their confidential data.

Uber was another victim of a major public-facing assault in September when its computer network was attacked. This prompted the firm to suspend many of its internal communications and engineering systems as it investigated the breadth of the break-in. The intruder maintained that they obtained access to company systems by targeting a single employee with multiple-factor authentication login alerts.

Each of these attacks had significant impacts, from direct financial losses to damaged reputations. These companies are not alone, however. Many others have experienced similar public breaches with substantial repercussions, and the trend is rising.

Assessing risk for public-facing companies

To effectively protect themselves, businesses need to understand the vulnerabilities that make them susceptible to public-facing attacks. There are a few key areas that tend to be weak spots for many companies:

Extensive digital footprints

As organizations scale up their online presence, they leave a larger digital footprint. These footprints are necessary for businesses to expand their customer base and build their brand. However, they also make it easier for cyber criminals to find entry points into company systems.

Another danger of an extensive digital footprint is that companies often have confidential data spread across numerous systems and locations. This can make it difficult to keep track of data and ensure it is properly secured.

Highly public personas

Threat actors often target companies with high-profile executives or public-facing personas. This is because these companies tend to be in the news frequently and have a lot of visibility. As a result, cyber criminals may see them as easy targets to make a quick name for themselves or damage the company’s reputation.

As companies gain more media attention, they may be more vocal about their political or social views. Attackers who disagree with their perspective may choose to target them to make a highly visible statement. As such, companies must know the risks of being in the public eye and take steps to protect themselves.

A large number of employees

Larger, more successful companies often have a vast number of employees spread across the globe. This makes it difficult to track all company activity and makes it more likely that someone will make a mistake that an attacker can exploit.

In addition, companies with a large number of employees often have more turnover. This can cause lapses in security, as new employees are not properly trained on company policies or are unaware of the risks of sharing confidential data.

Implementing lessons from privileged access management and zero trust policies

Given the vulnerabilities that public-facing companies face, it’s clear that they need to take extra measures to protect themselves. One way to do this is to implement lessons from Privileged Access Management and zero trust policies.

Privileged access management

Privileged access management is the practice of granting employees access to only the systems and data they need to do their jobs. This includes creating different levels of access so that more sensitive data is only accessible to a small group of people, as well as regularly auditing who has access to what.

This practice can be applied to media companies in a few different ways. First, they can limit access to sensitive data and materials to only a small group of people. Second, they can create different levels of access for employees, depending on their role within the company. For example, someone in the marketing department may only need access to the company’s social media accounts, while someone in the IT department may need access to more sensitive data.

Zero trust policies

Zero trust policies are a security architecture that prioritizes security over convenience. They maintain that employees should not be granted access to data simply because they are part of the company. Instead, employees should be given access only after they have been verified and their identity has been confirmed.

This approach differs from traditional security models, which often rely on pre-defined trust levels. These trust levels can be based on things like job title or department, which can lead to risky behavior as employees may feel that they don’t need to be as careful with confidential data since they have been given permission to access it.

Both Privileged Access Management and zero trust policies can have a significant impact on the security of public-facing companies. By strictly limiting access to sensitive data and materials and verifying employees’ identities before granting them access, these policies can help prevent or mitigate the damage caused by cyberattacks.

Simple steps for protection

Companies in the public eye need to be aware of the unique risks they face. From increased media exposure to a large workforce, these companies have much to consider regarding security.

Fortunately, there are steps that companies can take to protect themselves. By implementing lessons from Privileged Access Management and zero trust policies, companies can limit their attack surface while hardening their defenses against potential threats.

More from Data Protection

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today