In the past five years, the Indian publishing space has undergone a massive transformation, and the rise in internet penetration in the country has led to the advent of new digital houses
With the rise in engagement during the Covid-19 lockdowns around the world, a wealth of new data has been generated by publishers, which are under threat from credential stuffing, DDoS attacks, malware, etc.
Digital publishers are investing in enterprise-grade solutions providing end-to-end security to protect not only their own consumer-facing digital properties but also their end-user data
When Covid hit, several housing societies and colonies across the country suspended newspaper deliveries. Due to the rise in health risks, television news channels had to substantially reduce their programming, and media houses could not deploy full staff. A vast majority of the publishing industry adapted to consuming content and news hosted on digital channels by media houses.
According to a BARC-Nielsen report from April 2020, real-time updates shared by digital publishers led to news consumption on smartphones spiking by 34% during the second week of lockdowns in March 2020.
The study also found that users were spending more time tracking news on their handheld devices — the weekly time spent increased to 40 minutes as compared to the pre-lockdown figure of 27 minutes. As with other industries such as retail, banking, and restaurants, the ongoing digital shift in news media was swiftly accelerated by the pandemic. According to Comscore, compared with the week of 9–15 March 2020, visits to websites and mobile apps in the “General News” category went up by 50% during the week of 16–22 March 2020.
However, this doesn’t mean that the giants of the industry are unaware or unprepared for this digital revolution. Legacy media houses such as The Times Group (proprietor of The Times of India, The Economic Times, ET Now, and Times Now, among others), HT Media Group (which publishes The Hindustan Times and Mint), The Indian Express Group, and Business Standard have been on the path to digital transition for quite some time. Today, they not only have digital media arms employing hundreds of journalists but have also expanded into other digital businesses to offer the consumer a set of bundled services.
New Digital Content Models Are Emerging
Take, for instance, The Times Group. It offers a user more than 15 services with the Times Prime subscription — including access to all its news properties — at a price point of INR 999. “Our ability to reinvest some of that subscription money into making the (bundled) product better not only gives better value to those 2 Mn users but attracts the next 2 Mn users,” Times Internet vice-chairman Satyan Gajwani earlier told Inc42.
While digital media houses are innovating on the revenue model front with subscription and bundling of news products, they are also experimenting with podcasts, new formats of video reportage, webinars, and the use of AR/VR to enrich the modes of news and information delivery.
Yet the most significant trend in the digital publishing ecosystem has been the rise of vernacular content in the past few years. While the dominant demographic in India’s internet audience had been the urban middle class for the first decade and a half of the millennium, the entry of Reliance Jio into the telecom sector with free data plans in late 2015 came as a watershed moment. With all other telcos bringing down the prices of data plans in response as well, the number of internet users in the country grew from approximately 300 Mn five years ago to about 700 Mn in January 2020. This number is expected to reach approximately 975 Mn by 2023, according to Statista.
While the digital transformation of any sector means many new opportunities opening up, it also leads to new threats that businesses and consumers didn’t have to face before — cybersecurity threats. The fact that cybersecurity threats increase as the digital universe gets bigger was validated even further amid the pandemic, as the number of cyberattacks increased significantly.
“Akamai works with some of the world’s biggest publishers to ensure their digital offerings are secure and reliable, without sacrificing performance. Our platform and our experience of working with publishers worldwide enables publishers to seamlessly diversify their business and monetisation models, while we continue to protect their operations through strong security and bot-detection services,” said Sid Pisharoti, regional VP, India & South East Asia region and APJ Carriers Business, Akamai.
Akamai’s Intelligence Edge platform offers Media Content Security Solutions to help Media businesses prevent piracy and unauthorised access while maximising the monetisation of premium assets.
In 2020, India saw as many as 375 cyberattacks per day, 37% more than the previous year. This trend is expected to continue in 2021 as digital transactions rise through UPI and hundreds of thousands of users are brought into the fold of high-speed internet and exposed to online commerce.
As such, the digital publishing industry also is not immune to cybersecurity threats.
Data Is The Eye Of The Cybersecurity Storm
One of the biggest problems for online news publishers is credential stuffing — a cyberattack in which stolen usernames, phone numbers, email IDs and passwords are used to gain unauthorised access to a user’s account on a digital platform.
Speaking to Inc42, Nelson Rodriguez, a senior publishing industry expert at Akamai, said, “In the past, media companies, in general, were not worried about the security challenges. But now, publishers — who weren’t necessarily a target for people stealing credentials or credential abuse — have become a target for that. With people using more devices for accessing content, the challenge has become to keep digital properties responsive yet secure. Also, companies are holding more user information now, so the responsibility to keep that data safe falls on them.”
However, it is not only a user’s login credentials at risk on a digital news platform — users’ financial information and payment-related data are equally vulnerable to cyberattacks. This means payment integrations and API calls need to be evaluated carefully, and processes such as two-factor authentication, or one-time passwords sent to mobile numbers, need to be tested thoroughly to prevent leaks.
As Indian publishers look to diversify their businesses by expanding into merchandising, they could be further exposed to cybercrime. For instance, they would have to guard a larger set of user data points related to transaction details, consumer behaviour, and more.
Trojan Horses Lurk Around The Back End
While deploying an in-house cybersecurity team is a necessity for any digital business, it is not enough by any means. With people working from home and carrying out all kinds of transactions digitally, the surface area available to attackers has increased manifold amid the pandemic.
In addition, attackers now have multiple routes for tracking users such as virtual fingerprint detection, tracking user IDs across websites through logins and non-destructible cookies, invisible trackers, and more.
In the context of digital news publishers, the consequence of remote working is that they now have to consider protecting every stage of their operations. It is not just the end-user data that is under threat, but also employee data, corporate information that is exchanged digitally, and content that is in production, in delivery, or in storage that could come under threat.
Driven by remote working and the lockdowns in 2020 and 2021, physical events became impossible for businesses to host and, thus, virtual events became the obvious answer. This led to an unprecedented surge not only in online events but also in the threats to security and privacy for businesses. On the other hand, coverage for physical events such as elections or poll results can also lead to a sudden spike in traffic and a corresponding increase in attack traffic.
Hackers take advantage of virtual events in various ways, including impersonating legitimate attendees to conduct social engineering scams. From trolls resorting to harassing and ridiculing the speakers to hackers targeting the virtual event’s network for confidential data such as intellectual property and personally identifiable data — security breaches have increased with the increased adoption of virtual events.
“The Indian Express Group’s online business can sleep safely at night, knowing Akamai Security products are protecting their websites from both targeted and distributed cyberattacks using their worldwide network of hundreds of thousands of servers, massive bandwidth, security systems and knowledge,” said Amardeep Vishwakarma, CTO, The Indian Express (Digital).
Akamai told Inc42 that, with the surge of digital content consumption by users in the past year, publishers have observed not only an increase in monetisation opportunities but also a corresponding increase in cyber threats. In order to protect media businesses from content piracy, unauthorised access, and against cyber-attack vectors of varying magnitudes and forms, Akamai offers a comprehensive suite of Media Content Security Solutions.
Among the most prominent and common forms of attack on corporate networks of digital businesses are phishing and the presence of malware.
Phishing is a method in which a user is enticed into revealing sensitive data or clicking on links that could compromise their data. For instance, users may receive phishing links that look genuine and ask them to renew a subscription but actually land them on malicious websites.
Malware might take a similar route, but cyber attackers have evolved sophisticated systems that do not require them to induce a user into clicking or downloading a file anymore. The WannaCry ransomware attack of 2017, which brought agencies and businesses across the world to a standstill, is a case in point. The cyber attackers used a security loophole in operating systems to break into an organisation’s IT system, hijack it, and then ask for a ransom to be paid in bitcoins. This sounds dangerous, and it is. Yet the biggest cyberattack from online media’s point of view is a lot less centralised.
“We offer a comprehensive suite of security solutions that address the key challenges faced by this sector — enterprise threats such as phishing, malware, content scraping, content theft, and identity and access risks. As publishing houses increasingly move their services behind a paywall, this exposes them to newer vulnerabilities, something that Akamai can help protect against,” said Rohonesh Kar, head of solution engineering, India region, Akamai.
Content Piracy Erodes Media Revenues
One of the reasons that different revenue models, such as subscriptions and content-based commerce, are being adopted by media houses is that they want to reduce the dependency on digital ad revenues. Throughout the world, publishers are competing with big tech companies for a bigger share of the ad dollar pie, but they realise that ad revenues may not be reliable in the long run.
The more sustainable solution then becomes to create original content and monetise it through different models. Content scraping and piracy acts as a hindrance in this regard. Why would users pay for a subscription or spend time on your website when they are served the same video clip or exclusive news piece somewhere else for free?
Though countries around the world have enacted laws to tackle piracy, malicious actors are adept at finding workarounds to scrape content from websites and make it available elsewhere for consumption.
Unfortunately, copyrighting isn’t enough to prevent an attacker from stealing original content and illegally sharing it online. What compounds the problem is that search engines often cannot differentiate between original and scraped content, and this could also lead to digital news publishers losing revenue.
Another important aspect that digital news companies need to understand is that cybersecurity attacks on their systems need not always be from organised groups and skilled hackers. In a world that is becoming increasingly polarised along ideological lines, attacks can even come from readers or viewers who may not agree with the content produced. So websites and apps also need to protect themselves from being defaced by such users. Lack of adequate cybersecurity measures can increase the risk to brand reputation and user trust.
Given the varied challenges, what are the measures digital publishers can use to reduce the risk of vulnerabilities?
“There are a plethora of cybersecurity products available today. Publishers need to determine their needs and allocate the spending, and they can get the solutions specific to their platform and needs. We also use specific products from Akamai’s portfolio of edge security and analytic solutions,” said Shubham Srivastava, CTO, HT Digital.
Digital publishers need to adopt a multilayered approach and a wide variety of tools to protect themselves from various forms of cybersecurity attacks — ransomware, phishing, DDoS, advanced persistent threats (APTs), web skimming, identity fraud, and content encryption — to steer clear of content piracy or scraping.
Given the increasing complexity of the internet landscape, delivering secure, high-quality interactions to every user, everywhere, has become more difﬁcult. It has become imperative for businesses to work with the right tech partners. Additionally, as online data and transactions increase in value, websites and other online assets are becoming the target of larger, more complex, and more frequent attacks.
“Akamai’s presence in the Indian publishing space is over 15 years old, and we share a unique partnership with varied publishing houses in the country today. We are proud to be an enabling partner for the digital transformation that they have undergone, and we continue to help protect them, as we see a surge of security threats in the pandemic,” said Mitesh Jain, country business head, India region, Akamai.
He further added, “Also, with the continued increase in traffic from tier 2 and tier 3 cities in the country, Akamai’s decentralised network architecture is able to support publishers with the scale and reach required to serve the next 1 Bn consumers.”
Today, Akamai has some of the biggest publishers in the world as its clients. The Akamai Intelligent Edge Platform covers all aspects from the enterprise to the cloud, and enables businesses to extend the power of their multi-cloud architectures and, in turn, gain a competitive advantage in the market. Its solutions include flexible operations through a scalable cloud platform, reducing infrastructure and network connectivity costs, secure management of complex user identity programmes, and more.
“The risk and severity of cyberattacks have clearly grown over the past few years. It goes without saying that the advancement of technology and the wide use of digital media is making attackers smarter by the day,” said Ravi Kumar, Chief Manager, IT, at Jagran New Media.
He further added that security solutions from Akamai have helped the publishing house. “We take corrective security measures as per suggestions from Akamai experts, which helps in keeping our applications secure. Akamai provides an easy-to-use tool that helps find and identify true positives, false positives, traffic patterns, and more.”
Akamai told Inc42 that its portfolio of cloud security solutions extends across all layers of an enterprise, from internal-facing applications to front-end applications, from business platforms to network infrastructure, and all the way to the layer housing critical information about end-users. Furthermore, Akamai solutions also extend the security perimeter of enterprises much closer to users and ensure that any threat to security is stopped in the cloud right at the edge of the network.
Through its security solutions, it offers various benefits to its clients, such as:
- Protecting online estate and digital properties
- Protecting enterprise applications and operations through strong threat protection and bot-detection services
- Securely managing complex user identity programmes using cloud services
- Ensuring higher quality of user experience
When it comes to choosing the right partner for a publisher for cybersecurity, it is best to carefully evaluate different providers for the depth and breadth of capabilities and to choose an innovative and proven comprehensive solution stack that protects against all types and sizes of cyberattacks.