• Thursday, June 13, 2024
businessday logo


Nicole Perlroth: Making sense of cybersecurity reporting

Implementing policies to mitigating security risk in organizations

Almost every passing week, a survey on cybersecurity comes out expressing the major headache that executives of organisations have in trying to successfully police hackers. Countries worldwide are also often unsure how best to tackle the increasing incidences of cyber criminalities and the ramifications for their economies.

At the heart of this concern is that reporters – the gatekeepers – do not provide an adequate interpretation of cybersecurity to aid the understanding of the subject matter. There are so many jargons in cybersecurity that do not get a sufficient interpretation for the reading public.

For Nicole Perlroth, a former New York Times journalist and best-selling author, at the Foreign Press Reporting Virtual Tour, the challenge with reporting cybersecurity is the sense of being overwhelmed because everything happens at once. Keeping up with hundreds of hackers always on the prowl, interrogating the defenses of organisations, the breakneck speed of attacks, and the sophistication of the next attacks is not an easy tasks.

“I would tell the masthead editors at every opportunity, you need 12 people to cover cybersecurity,” said Perlroth. Such requests would naturally not be granted in many newsrooms – including the New York Times as she discovered – due to the implications on the budget.

In Nigeria, journalists covering the technology and ICT desk have to combine a lot of segments including cybersecurity. In many newsrooms, only one journalist is assigned to the entire technology desk. This makes it even more unlikely that any special attention will be given to covering cybersecurity in detail.

Perlroth solved her dilemma by meeting with journalists in the newsroom on relevant beats to try to get them to at least have a couple of sentences in some critical stories about cybersecurity implications.

“I think by the end, there was a period of lots of short-term pain where most of the calls I got weren’t hey, there’s this breaking story,” she says. “It was hey, there’s this reporter on this beat and they’re trying to understand if this is a big deal, can you walk them through that?”

She now advises young journalists not to be afraid of the subject matter. One way to overcome this fear is to read widely. Reading helps journalists to understand the depth of the problem and some of the dynamics that the solutions need to take.

The quality of sources also elevates the reporting of cybersecurity. A source that truly understands the subject matter they are dealing with in security, makes it easier for the journalist and reporter to understand and use more relatable language in writing.

Perlroth identifies different sources including educational sources, sounding board sources, intelligence sources, and whistle-blowers. The best sources are security researchers at the major security, cybersecurity firms.

Due to the nature of cybersecurity, there is often the need to ensure these sources are protected. Guaranteeing protection is the only way a journalist reporting cybersecurity will maintain relationships with these sources.

Safety for sources could also require an extra level of security consciousness on the part of the reporter. Perlroth recommends the use of Signal for highly sensitive conversations. The platform is easy to use, it is end-to-end encrypted, and the message will self-destruct in a day.

There is also a need for balance bearing in mind the target is the general public. Hence, the journalist has to find a way to interpret jargon or the many acronyms in cybersecurity.

The public audience may include government officials, policymakers who draft policies, business executives, professionals, small business owners and their workers, and everyone with interest in protecting their digital systems.