The Philadelphia Inquirer was hit with a cyberattack that resulted in significant disruptions to its operations. It was unable to print its Sunday paper on May 14, and it had to scramble to restore several systems. The full extent of the attack has yet to be revealed. The attack happened shortly before Philadelphia’s mayoral primary election on May 16.

What details of the attack have been made public, and how vulnerable are other media companies to this kind of cybersecurity incident?

The Cyberattack

“On May 11, The Philadelphia Inquirer discovered anomalous activity on select computer systems and immediately took those systems offline,” Lisa Hughes, publisher and CEO of The Philadelphia Inquirer, said in a brief emailed statement. The attack resulted in the paper’s most severe disruption to operations since a blizzard that occurred in 1996, according to The Philadelphia Inquirer coverage of the incident.

The newspaper is working with “third-party forensic specialists from Kroll to restore systems and fully investigate the matter,” according to the emailed statement.

Potential Motivations

With details of the attack still sparse, the exact nature of the incident and the motivation behind it are yet unknown, but there are potential causes to consider.

With the timing of the attack right before the city’s mayoral primary election, political motivation is a possibility. “With a contested mayoral primary race to be covered, attackers could hope to influence the election by hindering coverage,” says Randy Watkins, CTO of cybersecurity company Critical Start.

Cyberattacks can also be motivated by monetary gain and data theft. The Philadelphia Inquirer has not made any ransom demands public, nor is it clear if the information of employees or customers has been compromised, according to The Philadelphia Inquirer coverage.

Vulnerability in the Media Industry

The Philadelphia Inquirer is not the first media organization to be targeted by threat actors. In 2018, The Los Angeles Times was disrupted by malware. The newspaper reported that the cyberattack was suspected to have come from outside of the United States. In December 2022, the Guardian was hit with ransomware; the attack impacted the personal data of staff members. The Guardian coverage noted that the attack was likely linked to phishing.

The State of Penetration Testing as a Service report found that the media industry was the most vulnerable industry; companies in the industry accounted for 39% of all critical vulnerabilities.

“The vulnerability of media companies and news organizations to cyberattacks can vary significantly. Some organizations that I've worked with have demonstrated a high level of cybersecurity awareness and have robust defensive measures in place,” Joshua Crumbaugh, CEO of phishing and security awareness company PhishFirewall, tells InformationWeek. “Unfortunately, others have shown a lack of understanding of the risks they face, making them potentially more vulnerable.”

The Philadelphia Inquirer coverage of the cyberattack published on May 14 noted that the paper does not require multifactor authentication for a number of its systems.

Jon Miller, CEO and co-founder of ransomware cybersecurity company Halcyon, points out that threat actors can opportunistically target industries that do not have the resources necessary to implement robust cybersecurity strategies. “Most local media, like The Philadelphia Inquirer, probably fall in that category; they’re underfunded, understaffed, overworked, and subsequently, very vulnerable,” he says.

The impetus behind cyberattacks against the media is unlikely to decrease in the foreseeable future. Theft of employee and customer data is a significant motivation for cyberattacks on media organizations, as well as many other types of companies. But media organizations also present some unique opportunities to threat actors.

“Larger media organizations have access to information and sources that some foreign nations are interested in. In some of our investigations, we have seen nation state threat actors search for information associated with public figures, national security, dissidents, etc.,” says David Wong, director of Mandiant consulting at cloud computing services suite Google Cloud.

Threat actors could also be motivated to use media outlets to influence public opinion. “A breach could lead to the dissemination of misinformation or disinformation,” says Watkins. Miller noted that the time leading up to the 2024 US presidential election could end up being a factor in attacks on media organizations.

Hardening Cybersecurity Posture

If media organizations continue to be attractive targets for cyberattacks, how can they defend themselves? Understanding the threats facing the media and practicing good cybersecurity hygiene is a good place to start. “Implementing robust technical controls, regularly updating and patching systems, and creating a culture of cybersecurity awareness can all contribute to a more resilient organization,” according to Crumbaugh. Investing in staff training is also an important part of cybersecurity. Recognizing and responding to threats appropriately can significantly mitigate risk.

While prevention is crucial, threat actors are becoming increasingly sophisticated. Cyberattacks can still happen, and organizations need to be prepared to respond when they do. “A determined attacker with enough time and resources is going to find a way around security controls. Planning to be resilient in the aftermath of a successful ransomware attack is the best advice there is,” Miller advises.

Wong notes the importance of protecting journalists who are in the field. “The threats to the individuals in the front-line are different than for the organization,” he says.

“Given the potential fallout -- and publicity -- from a cyberattack on media outlets, it is extraordinarily important for such organizations to protect their content and process and, consequently, the public at large,” says Howard Goldberg, a partner at national law firm MG+M The Law Firm.

What to Read Next:

The Metropolitan Opera Cyberattack Highlights Vulnerability of Cultural Institutions

Breach Takes Systems Down Across Western

DigitalDC Health Link Breach Exposes Private Information of Lawmakers