For those in the cybersecurity industry trying to get coverage from top-tier journalists in the field – and there are many thousands trying to do just that at RSA 2015 in San Francisco this week – here is what not to do: Pitch what everybody else is pitching. That is the best way to get them to ignore you.
On a panel titled, “Gumshoes Part Deux – Security Investigative Journalists Speak Out,” at RSA 2015 Wednesday morning, that was one of the more emphatic pieces of advice.
The panel – Kevin Poulsen, a contributor to Wired; Brian Krebs whose blog KrebsonSecurity is must reading in the industry; Nicole Perlroth of The New York Times; and Joseph Menn of Reuters – said they are generally looking for things that have not happened before, or haven’t been reported to death.
In other words, things like data breaches, and reports on data breaches, are so last week, last month and last year. “I can’t cover every security report or breach,” Perlroth said, adding that the number of solicitations she gets to cover them can reach several hundred a day.
Nicole Perlroth of The New York Times
“The criteria we set is whether it is a new kind of threat,” she said, although in the next breath she admitted that a few – like the Sony breach – stand out from the crowd. “I ended up covering that, of course,” she said.
The same applies to things like APT reports. “They’ve gotten out of control,” she said. “APT1 was something new. But now we’re up to APT24.” She said the Times decided not to cover a recent report on White House and State Department hacks, in part because, “it would be advertising for security firms.”
Menn said part of the problem is that doing the same stories on the same topics tends to make both reporters and their readers numb, even if they are important issues.
“We have to keep raising the bar on what is new, fresh and different,” he said. “I’m not going to do the same story again. I have to bring something new to the party.”
And Krebs admitted that even though, as an independent he can cover whatever he chooses, he sometimes gets sick of recurring topics.
When yet another breach happens, he said he asks himself, “Does this breach really matter? Is it going to hurt us that much more?”
Especially, he said, since, “identity data is so compromised across the board – all of your information went up for sale on the underground years ago. We are here at an authentication conference, and we still haven’t fixed that.”
Perlroth said she sometimes jokes that after four years covering cyber security she sometimes feels like she is on the cop beat. “We’ve been talking about the same problems for four years, so it does feel like Groundhog Day,” she said.
This story, "Reporting cybercrime feels like ‘Groundhog Day’" was originally published by CSO.