Could it be that most cyber attacks are neither sophisticated nor unprecedented?
Claudiu's Observation: Creating mystery and intrigue around a particular incident or data breach rarely makes it more interesting. In many cases, it can be perceived as an indication of sloppy reporting. Since most of today's hacking incidents share such basic commonalities as an initial click on an infected link or a ransomware infection, the myth of the shadowy hacker is little more than FUD.
What's the solution? In my opinion, three key ingredients make all the difference:
- How it began: A bit of investigative work to determine what vulnerability was exploited
- How it unfolded: few well-turned phrases to create a compelling narrative.
- How the reader can benefit from the unfortunate experience of the victims
It's often unnecessary to humiliate the unprepared victim and to manufacture intrigue. All that's needed for a compelling cybersecurity story is a good, basic set of questions.
Armed with such queries and an adequate interview subject, any investigative reporter stands to get good mileage from the answers to the following:
2. What were they after? Did they seek profits or did the criminals simply want to "watch the world burn"?
3. Thinking in 80/20 terms (the Pareto Principle), what is the best set of simple tips that will help most organizations to prevent such an incident from victimizing them and their customers?
For professional analysis and media soundbites by a certified security and privacy expert with 35 years of experience, click here to request an interview with Claudiu Popa, author of the Canadian Cyberfraud Handbook, CEO of Datarisk Canada, President of Managed Privacy Canada and co-founder of the KnowledgeFlow Cybersafety Foundation, Canada's only non-profit dedicated to bringing digital literacy to vulnerable sector audiences via accredited data protection professionals.
This weekly newsletter is the product of manually curated news presented with the expert commentary of Claudiu Popa. As a weekly publication intended for media and information professionals, the objective is simply to outline common threads flowing through current news stories and identify opportunities to ask the questions that matter.
Whether you are a professional journalist or a passionate subscriber, this is your opportunity to gain actionable insights into the actual harms and the questions that matter about the real impact of cybersecurity.
Know a media professional? Offer them the Media Cybersecurity Briefing? It’s completely free (for now).
Member discussion: