When Hurricane Sandy hit New York City, sites like Gawker and the Huffington Post got knocked offline because their data centers were flooded. If media companies devoted more resources to CTO budgets for preventive measures like additional data centers, the sites may have stayed up.
Media tech departments are often ignored until problems like security attacks or disaster recovery arise, and then it’s up to them to fix the problem. Not putting resources into security threats — whether hacking attempts or disaster recovery — can hurt when a site becomes compromised. This is beyond a tech issue; it’s also a significant business issue. Already this year, the New York Times, Microsoft, Wall Street Journal, NBC and Facebook have each been hacked resulting in downtime for readers, but also for advertisers.
Digiday spoke with three CTOs at both legacy and new media publications. Each wanted anonymity so as to not invite any attacks to their sites.
“The problem is that there’s no revenue generated by increasing security,” said one CTO from a legacy publication. “It’s only a defensive measure.”
Building out strong security systems takes developers away from other projects and can take weeks or months of their time and not have a tangible delivery the rest of the company sees. When a site goes down, it’s tough to know what brought it down. It could be bugs, a DDoS attack or weather or power loss. It’s almost impossible to know. Remedies are expensive and take away time spent on forward movement.
For a dollar that goes into security, it’s one less dollar that goes into development. A developer focused on security is a developer not building out ad units that have immediate return.
“You can build a new feature, or you can lock the doors,” a source said. “You can’t have both.”
According to CTOs, the biggest security risk inside a media company is its employees. And in the case of the Los Angeles Times, a former employee who is accused of compromising the site after he allegedly gave a hacker from Anonymous a username and password to change an article. Last month, the New York Times, Wall Street Journal and Washington Post each announced they were hacked. Employee passwords were stolen.
Also in February, NBC.com, including the sites for Jay Leno and Jimmy Fallon, was hit by a piece of malware sending users to malicious URLs with the intent to steal bank accounts and other personally identifiable information. Security threats don’t just take down sites, but can compromise a publisher’s audience.
Educating employees to not click on suspicious links and have pins for their smartphones and laptops are easy and effective measures to take.
With distributed-denial-of-service attacks rising in the media world, media companies are finding they’re lacking defensive measures. A DDoS attack is when a website is completely inundated with traffic requests that bogs down a server.
“It’s about how much insurance you want or need,” said one CTO. “When you play blackjack and the dealer shows an ace, you might buy insurance. You won’t with a four.”
The toughest thing for CTOs is selling something that doesn’t generate revenue. But one of the ways to get funding is to educate CEOs and CFOs of the importance of site security by explaining what the loss of business will be if a site gets attacked or goes down.
“If you calculate it that it’ll take whatever to come back, that loss of revenue is significant,” said a new media CTO. “That helps to justify revenue as long as you can quantify [the loss of business]. But sometimes, there’s a bit of a challenge to quantify.”
Media Briefing: The case for and against monthly and annual subscriptions in the battle for retention
There are no one-size-fits-all solutions for improving retention in a subscriptions business. While annual subscribers might stick around longer for some, other publishers will have better luck with monthly plans.
Digiday+ Research: The economy will hit the media and marketing industries this year, but differently
The economy will plague both the media and marketing industries in 2023, but the hit will be uneven between publishers and agencies.
Podcast ad buyers have yet to see a slowdown
Ad buyers have yet to see clients cut their podcast budgets – though the time of podcasts as the shiny new medium may be coming to an end.
SponsoredWhy Best Buy Ads sees retail media as integral to its customer-centric purpose
Sponsored by Best Buy Ads Retail media networks have become critical for marketers, with retailers investing in ways that enable advertisers to engage consumers across online and offline channels. Given the wealth of retailers’ first-party customer data and measurement capabilities, retail media networks have become a natural fit for augmenting performance marketing programs. Alongside the […]
The programmatic open marketplace is faltering, but publishers see a bright spot in private programmatic deals
Publishers are coming to terms with their open programmatic marketplace RPMs being 20-55% lower than they were this time last year, but the hope is that programmatic guaranteed deals will make up the deficit.
Marketers weigh the cons of working with Google Ad Manager amid Justice Department’s new lawsuit
When is it time to back away?