Last week, The Guardian reported it was “hit by a serious IT incident” which the news organization believed was an attempted ransomware attack. The Guardian said the attack started late Tuesday, December 20, impacting the company’s technology infrastructure. As a result, staff were told to work from home while the news organization tried to identify, diagnose and fix any problems.
The company said that mostly behind-the-scenes operations were impacted, and online publishing was mostly unaffected. The news organization continues to publish news stories to their website and app and, on Wednesday, they said they thought they would be able to produce Thursday’s edition of The Guardian’s print newspaper.
The company did not specify which systems were compromised, if data was compromised, or if a ransom demand was paid, reports TechCrunch. Security Week the incident interrupted WiFi access at the company’s London headquarters. It also impacted shared computer systems and staff had to work on laptops or mobile devices before being sent home to work.
Anna Bateson, The Guardian Media Groups CEO, and Katharine Viner, editor-in-chief, told staff about the incident. At that time, they believed it was a ransomware attack, but would consider other possibilities.
“We are continuing to publish globally to our website and apps and although some of our internal systems are affected, we are confident we will be able to publish in print tomorrow. Our technology teams have been working to deal with all aspects of this incident, with the vast majority of our staff able to work from home as we did during the pandemic,” Bateson and Viner said last Wednesday.
“We will continue to keep our staff and anyone else affected informed. We will update everyone again at the end of the day. With a few key exceptions, we would like everyone to work from home for the remainder of the week unless we notify you otherwise,” the CEO and editor-in-chief added.
With headquarters at Kings Place in central London, The Guardian is a global media organization covering world news, sports, culture and lifestyle. They publish four editions: U.K., U.S., Australia and an international edition. Founded in 1821, The Guardian is an independently owned media organization that receives more than half its funding from more than 1.5 million supporters in 180 countries. The organization exceeded their goal to raise $1 million in 2022 but close to $35,000. The company has one shareholder, the Scott Trust which helps the organization remain financially and editorially independent.
“Guardian Media Group is a global news organization that delivers fearless, investigative journalism – giving a voice to the powerless and holding power to account,” says The Guardian on their About Us page. “Our independent ownership structure means we are entirely free from political and commercial influence. Only our values determine the stories we choose to cover – relentless and courageously.”
The Guardian is not the only media organization to have suffered from a cyberattack in 2022. According to CPO Magazine, News Corp was hacked in January and in October, and reporters from the Wall Street Journal, the Times and the Sun had their emails compromised. In September, a hacker accessed Fast Company’s content management system and sent two obscene and racist push notifications to Apple News subscribers. Their website was down for a time, but the magazine published their news on their social media accounts.
Sammy Migues, a principal scientist at Synopsys Software Integrity Group, said that all types of organizations – including media organizations – should be prepared for cyberattacks. Though media organizations may be less likely to suffer from a ransomware attack unless they are a very larger profitable publication, Migues told CPO Magazine that ransomware attacks are on the rise and every company needs to be prepared for how they will deal with such a situation.
The Guardian’s “serious IT incident” last week shows the vulnerability of news organizations. Legacy organizations especially have a variety of hardware and software systems patched together and integrated to run their operations. Hackers intent on disrupting publications and their internal operations will find a way in, especially if they have a specific reason for doing so (e.g., ransom demands, political differences, ideologies, stealing data or source documents, etc.). Even media companies with the latest technology and best cyber awareness training and tools are vulnerable.
Every media company, regardless of their business model, needs to have regular cybersecurity audits and to ensure that staff at every level has the necessary training to prevent cyberattacks. This may not prevent cyberattacks, but it could help mitigate the damage. We expect to see more of this in 2023.