Publishing corporation Lee Enterprises has confirmed that a cyberattack on its systems was behind disruption at dozens of its newspapers and media outlets, with the impact stretching across the U.S. Systems are now back to normal, but the consequences of the attack continue to rumble on.
Lee Enterprises owns 72 daily newspapers and approximately 350 specialty publications in 26 states. The scope of the incident is significant, with Lee Enterprises claiming to reach more than 75 percent of U.S. adults in its largest markets and 25 million unique web and mobile visitors monthly.
The attack impacted employee systems, subscriber services, and VPN access, with print operations disrupted. The company has recently been investing significantly in digital transformation technologies.
As details of the Lee Enterprises cyber incident continue to emerge, David White, Co-Founder and President at Axio, a cyber risk management software firm, explains the significance of the breach to Digital Journal.
White is an expert in cybersecurity frameworks and maturity models. He played a leadership role in developing versions 1 and 2 of the Cybersecurity Capability Maturity Model (C2M2) in support of the U.S. Department of Energy.
Addressing the specific cyber-incident, White comments: “We don’t yet have full details on the Lee Enterprises cyber incident. While ransomware is a possibility, Lee has not disclosed the exact nature of the event. Some of its publications appear to be completely offline, while others, like the St. Louis Post-Dispatch, continue to operate at a reduced scale.”
There are general observations that can be made as a result of the incident. White picks out: “This incident underscores the critical importance of a cyber resilience strategy that enables continued operations under the duress of a cyber event.”
Standard business responses are no longer appropriate. White observes: “Many organizations focus on recovery and return-to-normal as their resilience strategies, but with disruptive cyber events becoming more frequent, organizations need both a protection strategy and a sustaining strategy that includes continuity planning, incident recovery, and full restoration to remain viable after an attack. These elements are often conflated, but each plays a distinct role.”
Explaining what he means by these concepts, White states: “Continuity ensures essential functions remain operational during an attack, such as manually processing transactions if systems go down. Recovery involves stopping the damage and initiating repairs, such as restoring system access and removing intruders. Restoration is the long-term process of returning to full operational capacity.”
Drawing on key lessons from history, White explains: “Clorox learned this firsthand. While they were able to recover and resume production after an attack, full restoration was delayed because their production lines, which handle regulated chemicals, required re-certification. Until that process was complete, they couldn’t ship products—demonstrating why organizations must plan for all three stages of resilience to minimize operational disruptions.”
