Hackers, cyberattacks and malware... the mainstream media (press, television and radio) are increasingly reporting news from the online world. Quite a departure for a subject which has long been of niche interest only. So is cybersecurity starting to become a mainstream staple?
Cyber threats are now making headlines. On 13th October, the ransomware attack that paralysed the computer systems of the community of Grand-Cognac (Charentes, France) was covered by the local press, before earning a spot on the famous 8pm news on the TF1 channel. At almost exactly the same time, the M6 group was counting the cost of a similar cyberattack which paralysed its email systems and phone lines, eliciting a similar response from the mainstream French press (Le Monde, Les Echos and BFM Business).
For specialists in this field – whether experts or journalists – this phenomenon is a fairly new one. “Five years ago, we were all saying a cyber issue would one day make it onto the evening news; now, in the event of a major attack, that’s almost a given,” says Matthieu Bonenfant, Marketing Director at Stormshield. After all, cybersecurity now affects many more people than just those directly involved. Attacks are on the rise, affecting SMEs just as much as major companies. So much so, that even pop culture reflects this threat – whether through TV shows’ portrayals of hackers such as Mr Robot, The Bureau and Sense8, or in films featuring heroes who demonstrate their ability to penetrate computer systems.
In short, although cybersecurity isn’t yet covered on the school curriculum, it nonetheless remains a subject of key importance, and is moving out of its “expert” niche to become a recurring topic in current events. So can we say that cybersecurity has become mainstream, and even bankable? Is this media exposure having an impact on awareness of cyber risks?
Cybersecurity steps out of the shadows
The mainstream media fascination with cyber-issues would seem to be an indirect consequence of the GDPR. Since coming into force, this regulation has required companies to notify regulatory authorities of any security incidents. And this has made it difficult to sweep problems “under the carpet”. In parallel with the exponential growth in cyber threats, the cybersecurity environment has also opened up considerably. As a result, the French ANSSI cybersecurity agency has drawn up an effective communication strategy, and readily invites journalists of all kinds to tour its premises.
And cyber experts are now getting involved too. “A few years ago, if you wanted access to the media, you needed the support of a press relations network. Today, the media are the ones coming to us in their search for experts who can offer simple explanations of current events,” comments Matthieu Bonenfant. Back in September, Stormshield’s Deputy CEO Eric Hohbauer appeared as a guest on the CNews channel. Others are regular visitors to French TV screens, such as Nicolas Arpagian or journalist Damien Bancal, who has a regular spot on France Bleu Nord and Weo TV.
Government agencies are welcoming this new exposure. “Our role is to prevent cybercrime, and also to provide assistance to victims; we promote this work through TV advertising and by producing a large volume of content and messages on social media. It seems that these efforts are bearing fruit. Following our warning about a wave of blackmail involving hijacked webcams and its coverage in the media, the article on our site dealing with the topic is our most visited page to date, with several hundred views a day,” states an expert from Cybermalveillance.gouv.fr.
A tendency towards sensationalism?
Cyber threat indicators are currently on red alert. And it would seem that the mainstream media has heard the message loud and clear. But is there really more bandwidth available for discussing such issues? “We’re covering cybersecurity-related issues on a weekly basis, and presenting plenty of expert forums. But these issues aren’t being covered in real depth yet,” warns a journalist from a major daily financial newspaper. And more often than not, the topics making the front pages are major attacks (WannaCry, NotPetya and - more recently - LockerGoga and Varenyky), or current geopolitical news (e.g. coverage of the latest developments in the Huawei affair).
Since 2004, the term “cybersecurity” has risen steadily up the online search rankings (source: Google Trends).
It would be easy to speculate that the scale and sensational nature of such events are what generate interest... and therefore clicks. Indeed, media coverage of some cyber-news stories can sometimes even cause the scale of a threat to be exaggerated. This happened in 2018, with a campaign of attacks based on the exploitation of a DNS protocol. These attacks raised suspicions of espionage, with the finger pointing towards Russia and Pakistan. “The matter was spotlighted and initially presented as an "unprecedented attack on a global scale," and received widespread coverage on TV shows and in regional newspapers,” Matthieu Bonenfant recalls. “Although the attack itself was real, its impact was not as wide-ranging as had been reported, and there was in fact nothing new about the form it took.”
The difficulty of measuring impacts
Is the task of raising awareness bearing fruit? The jury’s still out on that one. The journalist from the financial daily newspaper we interviewed saw cybersecurity as a highly technical topic, which therefore “tends to be viewed as a distant issue of minor concern”. In addition, “the job of accurately valuing the economic scale of the harm caused is often a complicated one, making the subject yet more distant, particularly for companies.” Another source reveals that “the person in the street doesn’t follow cyber news very closely because they don’t (yet) feel it affects them.” And so it is currently unlikely to have much of an impact on changing habits.
This is a view shared by Cybermalveillance.gouv.fr, but the whole purpose of their work is precisely “to make Mr and Ms Average care about the issue, whether they’re 7 or 77 years old.” To achieve this, the teams strive to “popularise” the subject, adopting a tone users can identify with. And to ensure they address users’ expectations even better in future, a new system is to be introduced in 2020.
It’s a fair bet that by then, cybersecurity will genuinely have become “bankable”.