The dreaded 3am phone call: Lessons from the cyber-attack on Nine Entertainment Co.

Posted by Craig McDonald on Apr 27, 2021 3:55:52 PM

CM_TL_Nine hack original

It’s been called the “largest cyber-attack on a media company in Australia's history," something that has never been seen before in the country. 

Ever since news of the cyber-attack on Nine Entertainment Co. broke, it continues to dominate and sharpen local narratives on cybersecurity, fueled by unconfirmed speculation about the identity and motives of Nine’s attackers. Some reports claim a foreign regime is indicating its displeasure with Nine’s coverage of its actions, while others suggest that because media environments are typically not that mature in cyber, this “major cyber event could potentially have been triggered by something as clumsy as an employee clicking on an infected phishing email”. 

Source: The Conversation

But beyond the drama and enticing headlines, the Nine hack contains valuable lessons and reminders for navigating today’s complex cyber threat landscape. It’s critical that we share these with our customers, because the cyber risks facing Australian organisations today have never been higher. In the first few months of 2021 alone, reports have been rife of local cyber-attacks, including those on Parliament House in CanberraMelbourne-based Eastern Health, RMIT universityTaylors Wines and Australian National University. The scope and nature of each of these attacks is different, but they all point to one fundamental message – that cybercrime is becoming even more opportunistic, targeted and sophisticated.    

As you continue assisting your customers in fortifying their cybersecurity strategies, here are a few reminders and lessons from the Nine hack that can help keep their businesses protected in this period of heightened cybercrime: 

1. A timely reminder that we “cannot be complacent about cyber-attacks” 

Many politicians, experts and leaders have identified that the cyber-attack on Nine reflects the new reality facing corporations today, warning businesses that they need to be prepared to mitigate the cyber risks facing them.
Assistant Minister for Defence Andrew Hastie said he was “not surprised” about the attack, adding that it was a warning to all businesses that they need to be aware of potential cyber threats: “This is a timely reminder that Australians cannot be complacent about their cyber security. Cyber security is a team effort and a shared responsibility. It is vital that Australian businesses and organisations are alert to threats and take the necessary steps to ensure our digital sovereignty.” 

Similarly, Rachael Falk, Chief Executive of the Cyber Security Cooperative Research Centre, said that the attack is “a timely reminder for everyone…that you cannot be complacent about cyber-attacks. If it can happen to Channel Nine, it can happen anywhere, because we all run on connected systems." 

Admittedly, every cyber-attack is a crucial reminder that the war on cybercrime is far from over. But this unprecedented attack against one of Australia’s mainstream media organisations is particularly painful because it hits so close to home. The esoteric idea of a looming cyber threat suddenly gets very real when it impacts the weekend shows we are watching on TV, or the news we access online. It shows us how vulnerable and fragile systems are, even the critical systems we rely on daily, making it even more imperative that we recognise the severity of the cyber threats facing our businesses and do everything we can to protect them.  

2. Dealing with the dreaded 3am phone call 

It’s any CEO’s worst nightmare – being woken up around 3am by a phone call on a weekend and being informed of a “sophisticated and complex” cyber-attack that was impacting multiple key operations across the nation. But the situation was decidedly worse for Nine’s incoming chief executive Mike Sneesby, who received the call even before he had officially taken over the role. The disruptions that he and his team had to deal with were massive.  

Reports state the computers at Channel Nine in Sydney began “acting strangely on Saturday”, the 27th of March. “By Sunday morning, as the Today show was gearing up to go to air, many of them didn’t work at all. A sweeping attack had hit the corporate network, paralysing its systems,” the Sydney Morning Herald reported. The assault not only disrupted Nine’s ability to broadcast programs in Sydney, it also “threw the print production of its newspapers - The Age, The Sydney Morning Herald and the Australian Financial Review - into disarray…Every part of the business was affected, including payroll, and staff were told not to open suspicious emails or messages on social media platforms such as LinkedIn.” 

A spokesperson for the company said that following the attack, Nine took “many of its publishing, broadcasting and corporate systems offline, including systems not known to be directly affected by the attack, and forensically going through them looking for signs of intrusion, as well as for back doors that could let attackers back into those systems once the initial attack was resolved.” Making the best of a bad situation, Nine producers and teams reportedly resorted to “whiteboards and textas” to plan bulletins when the technical broadcast tools they usually relied on failed. 

Nine’s director of people and culture Vanessa Morley warned that the company’s systems may not be fully restored for some time and instructed staff to work from home indefinitely. Producers were flown to Melbourne for the week and an NRL commentary panel was told to drive to Newcastle to broadcast the football as part of a series of contingencies. At the time of writing, Financial Review editor-in-chief Michael Stutchbury said staff are now able to work in the newspaper’s Sydney office, but offices in other cities are still without Internet access and have to work from personal hotspots. It was also reported that while “technology staff at Nine worked through the Easter weekend to bring the company back online after a serious cyber-attack…it will still be weeks before computer systems are fully restored.”  

These operational and business disruptions to Nine’s operations are examples of the widespread consequences of cybercrime, resulting in ripple effects that are likely to extend far beyond immediate financial costs. Time will tell whether the company’s leaders handled these disruptions effectively, but it’s key to recognise them as urgent reminders of the need to have strong incident response and contingency plans in place in case of a crippling cyber-attack. Being hit by a cyber-attack is no longer a question of ‘if’, but ‘when’, making it vital that businesses have set processes in place that ensure business continuity, enabling them to recover with minimal loss and to set a process in place to save mission-critical data from being stolen and/or destroyed.  

Describing the days following the attack and how her company scrambled to keep operations running, Gay Alcorn, editor of The Age said that: “Who organised this attack is not yet clear, but it is a wake-up call for businesses and governments that this kind of disruption is likely to become more common. This was a sophisticated attack, which seriously affected one of Australia’s biggest media organisations.” 

3. Bolstering cyber defenses 

Details are yet to emerge about the exact nature of the attack and whether it was, like experts speculate, indeed a ransomware attack, but what is clear is that it has renewed conversations around the country’s cybersecurity posture. From experts commenting on the need for organisations like Nine to be more transparent around the cyber-attacks that impacted their systems, to reports circulating that Australia is proving to be a softer cyber target than expected, the Nine attack has led to increased enthusiasm around cybersecurity and the need to be cyber resilient across all industries.  

For example, in an “unusually forthright assessment” of the cyber challenge facing organisations during the Financial Review’s Banking Summit (which took place shortly after the Nine hack), leaders described “cyber-attacks as the biggest single threat facing banks today”. Westpac CEO Peter King said the company had seen a “massive increase in scams”, adding that his bank was educating staff and customers about ways to reduce cyber risks and was extending monitoring to its myriad third-party suppliers.  

“Organised crime does try and get people into companies, so you have got to look at who you hire often. One of your weaknesses is your people clicking on emails. We call it phishing of [staff] or, if you’re a high-profile target, they talk about it as whaling,” he said.  

It has been speculated that malicious emails were, in fact, a potential attack vector in the Nine hack. A Financial Review article written shortly after the cyber-attack stated that “based on past experience at other companies, there is a high probability this attack started with a phishing email,” adding that “the cyber disruption at Nine comes in the midst of a wave of criminal and nation-state attacks that take advantage of employee ignorance of phishing emails.”   

Cybersecurity is increasingly being recognised as a priority among boardrooms, but the cyber-attack on Nine has pushed it higher on the executive agenda. It’s critical we leverage this enhanced focus on cybersecurity to continue proactively reviewing and enhancing our customers' cyber resilience plans, including bolstering their email security posture. The cyber-attack on Nine may or may not have been an email-borne one, but ample evidence exists that malicious emails are one of the top cyber threats facing organisations today. 

In fact, nine out of 10 cyber-attacks start with an email, even when most businesses have an email security solution in place. No one vendor can stop all threats, so it’s crucial to remind customers that if they are using Microsoft 365 or G Suite, they should also have a third-party email security specialist in place to mitigate their risk. For example, using a third-party cloud email solution like MailGuard.    

As a CEO, I shudder to think of what Nine and the people at the centre of it all, went through during this time. Having personally gone through a vicious cyber-attack in my previous company, my heart goes out to them. But it’s also why we cannot let the high-profile nature of this attack dilute the gravity of its underlying messages and lessons. If the disruptions caused by the pandemic in 2020 reminded us how fundamental cybersecurity is to business continuity, the disruptions caused by the many cyber-attacks in 2021, including the Nine hack, are warnings that we need renew our efforts in making our customers more cyber resilient.

Talk to us

MailGuard's partner blog is a forum to share information and we want it to be a dialogue. Reach out to us and tell us how we can serve you better. You can connect with us on social media or call us and speak to one of our consultants. 

Australian partners, please call us on 1300 30 65 10 

US partners call 1888 848 2822 

UK partners call 0 800 404 8993 

We’re on Facebook,Twitter and LinkedIn. 

 

Topics: Business security partners technology ACCC ACSC 2021 Nine Entertainment Co media

Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all