In recent years, many high-profile companies have suffered destructive cybersecurity breaches. These public-facing assaults cost organizations millions of dollars in minutes, from stock prices to media partnerships.

Fast Company, Rockstar, Uber, Apple and more have all been victims of these costly and embarrassing attacks. The total average cost of a data breach has increased by 2.6% since 2021 and is now $4.35 million. Organizations that don’t deploy zero trust security models also incur an average of $1 million more in breach costs than other companies that have.

In addition to the monetary loss, the damage to a company’s reputation can be equally devastating. Consumer confidence in the safety of future purchases is often shaken after well-known brands are breached.

How can public-facing businesses prevent or reduce such catastrophes? The key is understanding the vulnerabilities media companies face, and how Privileged Access Management and zero trust policies can help protect them.

The Latest Surge in High Profile Attacks

As businesses expand their digital footprints, they become more susceptible to cyberattacks. In the last few years, we’ve seen a surge in sophisticated attacks on high-profile companies.

In September 2022, Fast Company’s Apple News partnership was disrupted by a malicious attack that posted an inappropriate comment on one of its articles. Though administrators quickly removed the comment, this security breach cost Apple and Fast Company dearly in terms of reputation and trust.

A few weeks prior, Rockstar Games confirmed that a threat actor had broken into its systems and stolen confidential internal data. While these attacks typically focus on stealing proprietary gaming information, they often impose collateral damage on users and their confidential data.

Uber was another victim of a major public-facing assault in September when its computer network was attacked. This prompted the firm to suspend many of its internal communications and engineering systems as it investigated the breadth of the break-in. The intruder maintained that they obtained access to company systems by targeting a single employee with multiple-factor authentication login alerts.

Each of these attacks had significant impacts, from direct financial losses to damaged reputations. These companies are not alone, however. Many others have experienced similar public breaches with substantial repercussions, and the trend is rising.

Assessing Risk for Public-Facing Companies

To effectively protect themselves, businesses need to understand the vulnerabilities that make them susceptible to public-facing attacks. There are a few key areas that tend to be weak spots for many companies:

Extensive Digital Footprints

As organizations scale up their online presence, they leave a larger digital footprint. These footprints are necessary for businesses to expand their customer base and build their brand. However, they also make it easier for cyber criminals to find entry points into company systems.

Another danger of an extensive digital footprint is that companies often have confidential data spread across numerous systems and locations. This can make it difficult to keep track of data and ensure it is properly secured.

Highly Public Personas

Threat actors often target companies with high-profile executives or public-facing personas. This is because these companies tend to be in the news frequently and have a lot of visibility. As a result, cyber criminals may see them as easy targets to make a quick name for themselves or damage the company’s reputation.

As companies gain more media attention, they may be more vocal about their political or social views. Attackers who disagree with their perspective may choose to target them to make a highly visible statement. As such, companies must know the risks of being in the public eye and take steps to protect themselves.

A Large Number of Employees

Larger, more successful companies often have a vast number of employees spread across the globe. This makes it difficult to track all company activity and makes it more likely that someone will make a mistake that an attacker can exploit.

In addition, companies with a large number of employees often have more turnover. This can cause lapses in security, as new employees are not properly trained on company policies or are unaware of the risks of sharing confidential data.

Implementing Lessons From Privileged Access Management  and Zero Trust Policies

Given the vulnerabilities that public-facing companies face, it’s clear that they need to take extra measures to protect themselves. One way to do this is to implement lessons from Privileged Access Management and zero trust policies.

Privileged Access Management

Privileged access management is the practice of granting employees access to only the systems and data they need to do their jobs. This includes creating different levels of access so that more sensitive data is only accessible to a small group of people, as well as regularly auditing who has access to what.

This practice can be applied to media companies in a few different ways. First, they can limit access to sensitive data and materials to only a small group of people. Second, they can create different levels of access for employees, depending on their role within the company. For example, someone in the marketing department may only need access to the company’s social media accounts, while someone in the IT department may need access to more sensitive data.

Zero Trust Policies

Zero trust policies are a security architecture that prioritizes security over convenience. They maintain that employees should not be granted access to data simply because they are part of the company. Instead, employees should be given access only after they have been verified and their identity has been confirmed.

This approach differs from traditional security models, which often rely on pre-defined trust levels. These trust levels can be based on things like job title or department, which can lead to risky behavior as employees may feel that they don’t need to be as careful with confidential data since they have been given permission to access it.

Both Privileged Access Management and zero trust policies can have a significant impact on the security of public-facing companies. By strictly limiting access to sensitive data and materials and verifying employees’ identities before granting them access, these policies can help prevent or mitigate the damage caused by cyberattacks.

Simple Steps For Protection

Companies in the public eye need to be aware of the unique risks they face. From increased media exposure to a large workforce, these companies have much to consider regarding security.

Fortunately, there are steps that companies can take to protect themselves. By implementing lessons from Privileged Access Management and zero trust policies, companies can limit their attack surface while hardening their defenses against potential threats.

More from Data Protection

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…

The Digital World is Changing Fast: Data Discovery Can Help

The rise in digital technology is creating opportunities for individuals and organizations to achieve unprecedented success. It’s also creating new challenges, particularly in protecting sensitive personal and financial information. Personally identifiable information (PII) is trivial to manage. It’s often spread across multiple locations and formats and can be challenging to find and classify. Organizations need a modern data discovery and classification solution to identify sensitive data across physical, virtual and public clouds. The Current State of Sensitive Data Discovery and…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…