Brand cyber security for publishers

The digital landscape in India is one that is continuously shifting, changing and evolving. At the third annual edition of Digipub World, organised by afaqs!, Aseem Ahmed of Akamai Technologies was one of the speakers. Ahmed began his talk by pointing out that the digital ecosystem of the publishing industry needs to evolve beyond its current state. While stating the need of the hour, he also warned that this evolution would expose the publishing industry to risks. Mitigating these risks while adopting digital was the crux of Ahmed’s presentation.

"A lot is being written in media about cyber security. A lot of attacks and bad things are happening. There's a growing realisation that the media and publishing industry too is prone to cyber threats," he said. Ahmed pointed out that 20 years ago, a basic cyber attack involved an SQL injection trying to capture a user's ID and password. “Today at an average, Akamai mitigates 5 million of these attacks on daily basis. And this is just one type of attack I'm talking about. So you can imagine the scale out there," he asked his audience.

He admitted that even though two decades have passed, cyber security is still a challenge. Why is security so hard? Why are organisations still playing catch up? "Because as far as security is concerned everything is changing faster than you can respond. Today, there are emerging threats that didn’t exist in this shape and form years back. Financial motivation, as well as behind-the-scenes motivations, get the threat actors or malicious actors to think in a different direction," he explained. Ahmed then began to explain how this could potentially hurt publishers.

"If the company is a publishing house, hackers may want to, say, plant fake news on the site. Maybe if your site carries privileged content — something that can be given to only paid users — credential stuffing becomes an issue. So there's a growing threat to landscape because the way that people are attacking you has changed, in addition to the digital ecosystem changing significantly," he opined.

On that note, Ahmed moved to another riveting area where cyber security has the potential to get compromised — the Internet of Things (IoT). He explained that the IoT is when a machine is powering machine learning engines as well as algorithms. "All of this technology evolved to enable a business to grow. Obviously it has led to many unexpected results…" he paused. "The attackers have also become smart. They know how to leverage these technologies to attack your businesses,” he told the audience.

Ahmed moved on to talking about APIs. API, which stands for Application Program Interface, is the basic interface of an app or program that interacts with a certain system or application, in order to run in a particular manner. Since there are a host of digital consumer touch points where companies can directly interact with consumers, API becomes crucial for a business. “An API is one of the most critical aspects of web or digital today, consumed across all channels. Doesn’t matter if your business involves media, publishing, OTT, banks, governments… Pretty much every industry today run on APIs,” Ahmed explained. He stated the example of Ola Cabs and how they now offer ride insurance and other services (including ordering food), which are accessible from the app interface, apart from the usual ride booking feature. He also pointed out that it’s an enabler in tracking user behaviour and getting more accurate analytics.

The simplicity and openness of the API system makes it attractive to hackers. Ahmed also mentioned that API security needs to be handled differently than regular content security. “An API attack can be disastrous. Imagine if someone is trying to log in to your site or app and they are unable to do so because your security is not in place. API attacks are more sophisticated than regular attacks” he said.

Ahmed reminded the audience about a vulnerability in a Wordpress plugin, a few years ago, which allowed attackers to alter the content on a website. Smaller publishers could potentially get affected as many of them still relied on systems similar to Wordpress to build their digital site.

“Bots are scripts — it’s the intent behind usage that matters. We see different kinds of traffic when bots are used with different kinds of intent,” he told us.

In the final leg of his presentation, Ahmed helped the audience understand that IoT can be used to power electronic items such as CCTV cameras, Smart TVs, routers and servers, and that these are also vulnerable to hacking. "The biggest problem today, is a lack of cyber security skills and as someone who works in a cyber security company, this is a cause of concern for me. We face a lot of skill challenges while hiring and people don't have the skillset we need.”

Watch the full session below...