As cyber threats grow in complexity, media companies are becoming particularly vulnerable because they are seen as economic, societal and political targets by cybercriminals. Beyond financial demands, they are increasingly targeted by operations intending to spread misinformation and disrupt services. Let’s examine how ransomware poses a significant risk to media companies and the strategies that can bolster their cybersecurity to prevent, detect and respond effectively to attacks.  

The cyber threat landscape

Ransomware, spyware, and supply chain attacks are continually evolving and pose significant risks for media organizations that handle sensitive data and work with investigative sources. Exposing these confidential sources can compromise their safety and permanently damage an organization’s credibility.  

According to Statista, cybercrime is estimated to cost $15.63 trillion dollars (USD) worldwide by 2029. To meet this growing issue, companies invested 5.7% more in their IT security budgets in 2024 and was the top priority for them in 2023.*

Computer screen displaying source code

Ransomware challenges

Globally, ransomware continues to be the leading malware threat. A successful attack can paralyze access to critical systems and data—potentially halting operations for days or even weeks. The “double extortion” tactic is particularly challenging as attackers not only encrypt data so that it can no longer be accessed, but also exfiltrate it with the intent to publish sensitive information if their demands are not met. 

Ransomware costs are projected to reach $250 billion worldwide by 2031, underscoring their escalating nature. Recent statistics reveal that recovery from ransomware attacks takes an average of 22 days.** 

How ransomware works

A ransomware attack typically occurs in three stages:  

  • Infection: Attackers deliver malware via phishing emails, software downloads, or by exploiting a system’s vulnerabilities.
  • Encryption: Once they gain access, systems and files are rendered inaccessible.
  • Data theft and extortion: Attackers steal data and use the threat of exposure to ensure compliance with their demands.

Three ways to help safeguard your data

1. Preventing ransomware

CGI advocates a comprehensive approach:  

  • Employee training: Cyberattacks often occur due to employees unknowingly downloading malicious software. Therefore, it is essential to develop and increase company-wide awareness for employees to identify, detect, and report phishing attacks and other cyber threats.
  • Regular backups: Protected and encrypted backups are critical for data recovery after a cyberattack. However, the data (and decryption keys) should be isolated from the primary network to prevent it from being compromised. 
  • Network segmentation: Proper network segmentation and role-based access controls can help prevent malware spread and access to protected backups. 
  • System updates: Regularly installing updates can address vulnerabilities in operating systems and applications.  
  • Technology implementation: Incident management, anti-virus/malware protections, web content filtering, and threat detection can help improve an organization’s resiliency.

 

2. Protecting your organization before and during an attack

Before an attack occurs, conducting a ransomware system assessment can:
  • Provide a targeted review of a company’s internal security measures
  • Identify vulnerabilities like remote access points or unsecured backups
  • Offer recommendations to reinforce security  
  • Assist in the development of a ransomware playbook
Conducting a ransomware simulation exercise can provide a way to:
  • Measure the effectiveness of your ransomware defense and fine-tune protection strategies
  • Evaluate your incident management team's response time and processes
  • Exercise your backup, disaster recovery and system recovery plan
In the event of an attack, it is recommended to:
  • Follow your predefined ransomware response playbook
  • Engage security incident response and crisis management teams
  • Isolate network connections and immediately disconnect affected devices to stop propagation and be prepared to lock out segments of networks, if needed
  • Conduct a forensic analysis and report the incident to the appropriate authorities
  • Fully restore data from protected/encrypted backups

 

3. Penetration testing: Identifying and addressing weaknesses

Penetration testing (simulated cyberattacks) is critical to a strong cybersecurity defense. Like a fire drill, a realistic simulation by CGI experts can evaluate an organization’s existing defenses, identify vulnerabilities, test its exploitability, and offer solutions to address potential risks. This type of testing goes beyond standard vulnerability scans because it assesses possible outcomes for real-life scenarios. 

CGI offers three penetration testing solutions:  

  • Black box test: Simulates an external attacker who has no knowledge of the company.  
  • Grey box test: Simulates an external attacker who has partial knowledge of a company’s systems or networks.  
  • White box test: Simulates an external attacker who is fully informed about a company’s specific vulnerabilities.  

Adding another layer of security to penetration testing are Red Team Assessments. They not only evaluate technical defenses, but also social engineering and physical security measures, such as testing whether attackers can gain access through impersonation or manipulation.  

Two consultants discussing data displayed on computer screens

Embracing a holistic cybersecurity approach

As cyber threats continually grow and adapt to new safeguards, media companies must also continuously evolve their security strategies. This is why a holistic approach is crucial for providing the most comprehensive protection. CGI offers full-scale cybersecurity support—from preventive measures and penetration testing to resiliency assessments.  

Effective cybersecurity requires regular and continual risk assessments and proactive measures. By understanding and addressing vulnerabilities, media companies can protect their operations and reputation in an increasingly complex digital landscape. 

 

* Statista. (April, 2025). Estimated cost of cybercrime worldwide 2018-2029. https://www.statista.com/forecasts/1280009/cost-cybercrime-worldwide
** Bundeskriminalamt. (2025, May). Bundeslagebild Cybercrime 2023. https://www.bka.de/SharedDocs/Downloads/DE/Publikationen/JahresberichteUndLagebilder/Cybercrime/cybercrimeBundeslagebild2023.html?nn=28110 (in German)