The Internet of Things (IoT) refers to every physical device that is now connected to the internet, collecting and sharing data. Such devices made our world extraordinarily interconnected, so much so that almost everything we do can be tracked and analyzed.
IoT brought unprecedented disruption to many industries, including media and journalism. Thanks to the “Journalism of Things”, journalists can now reach more people, find more information, and uncover the truth faster than ever before. But, at the same time, IoT devices can serve as entry points, bringing many new challenges to journalists and the press at large, most notably surveillance and cyberattacks.
Take cyberattacks – the number of attacks has started steadily growing again in 2019 with damages forecasted to reach $6 trillion by the end of 2021. Simply put, IoT devices act as catalysts in cyberattacks’ potential to hurt targets. In the first half of 2019 alone, attacks on IoT devices increased by more than 300% which makes it all the more worrying considering that the number of IoT devices existing globally (over 21 billion devices in 2020) is forecasted to double by 2025.
This is a very worrying trend specifically for journalists, global media and news organizations, as well as government agencies, as for the growing risk of endangering the confidentiality, availability, and integrity of information flows.
What can journalists do to balance the good and the bad of IoT and how can they protect themselves and their industry?
Why Cybersecurity Must Be a Priority for Journalism
IoT devices open up new vectors of risk for news professionals. While smartphones and laptops are primarily at risk of a data loss or data breach, IoT devices such as smart speakers, fitness trackers, smart light bulbs, or vehicles, carry new kinds of cyber-physical threats with them. Just imagine going down the stairs at night and a hacker turns off the lights.
On top of that, malicious hackers are not the only threat actors journalists need to protect themselves from. There are more and more cases where it’s the military or governments threatening the freedom of the press, especially if they have a repressive attitude towards independent journalism.
Case in point: In July 2021 more than 180 reporters, editors and journalists were included in a leaked list of phone numbers selected for surveillance by clients of NSO. NSO is an Israeli technology firm that produces spyware and sells it to governments. Spyware is a type of malware that can infiltrate any internet-connected device. Once it does, it can activate its camera or microphone to spy on the victim, as well as provide the attacker with administrative access to calls, emails, and other sensitive data the device might be collecting. Spyware can either be installed via a vulnerability in the device’s operating system or through a phishing tactic that tricks the victim into clicking a malicious link or attachment.
This spyware incident makes it very clear how much a comprehensive defense and mitigation plan together with digital protection routines for journalists, members of the media, and activists should be the top priority.
Balancing the Benefits and Threats of the Journalism of Things
The Internet of Things has positively impacted journalistic practices, altering the way news is produced and how, and how often, audiences consume news also.
Using IoT sensors to remotely operate devices and collect data, enables journalists to build data sets and generate insights faster and more easily than ever. For instance, journalists can monitor vibrations and noises from any public event such as political campaigns and concerts and find out which speech or quote resonated the most with the audience, or which song was the most popular, all in real-time. Such sensors also measure and compare pollution or air quality in different cities around the world as well as track the effects of the climate emergency.
But, such benefits must be weighed against the new cyber challenges that IoT devices trigger. In 2020 researchers discovered a new virus that has been infecting IoT devices making devices inoperable or data inaccessible to their rightful users.
IoT devices are particularly vulnerable to cyberattacks as most lack suitable built-in cyber security protections, thus enabling threat actors to easily scale cybercrime. Also, the older-than-a-decade IoT environment still lacks much-needed regulatory efforts, for example, around security standards. Only by the end of 2020, the United States have started working on creating security standards for IoT devices. To make matters worse, according to Alexander Vukcevic, director of Avira Protection Labs, what is potentially explosive is the easy availability of, for example, specific malware code as it is being spread on the Dark Web as well as on YouTube “allowing inexperienced cybercriminals to create their botnets”.
Therefore, journalists need to be aware of cyberattacks potentially coming their way through IoT devices and proactively follow security best practices as well as implement new routines around protecting themselves.
What Can Journalists Do to Protect Themselves, Their Work, and Organizations?
Here is what journalists can do to protect their work and organization:
- Educate themselves about IoT implications and cybersecurity
- Activate Threat Intelligence across their organization to proactively assess risks and manage these
- Protect your Personal Identifiable Information (PII) at all costs
- Be mindful when using IoT devices, as they can be vulnerable to malicious infiltration, for example, when speaking to an anonymous source
- Cover basics like installing anti-virus software, password protecting your devices and files, and using multi-factor authentication processes
- Make sure that apps and programs use data encryption
- Create secure backups, either to external hard drives or to the cloud
- Use private browsing to keep your internet activity concealed and use a VPN to anonymize your Internet traffic
- Be aware of the GPS function, and use it only if required
Journalism of Things is a double-edged sword: it enhances journalists’ reporting capabilities while, at the same time, creating an entry door for malicious actors threatening journalistic work and, possibly, journalists’ physical well-being. Taking effective action around cybersecurity is, therefore, key to the protection of journalists, newsrooms, and, more generally, the freedom of the press.