by Debra Kaufman
Security has become an area of great concern in the media and entertainment industry, since the Sony hack in 2014. This year, TheDarkOverlord hacked Larson Studio and released most of the fifth season of Orange Is the New Black, and later hacked ABC's Good Morning America Twitter accounts. How worried should you be? And what can you do to protect your company? HPA spoke with security expert Ted Harrington, executive partner at Independent Security Evaluators to find out.
Awareness about security is indeed increasing. It is important to note, however, that the threats to M&E aren't necessarily increasing, but rather awareness about those threats. These challenges have existed all along. The Sony breach was a catalyzing event that heightened the urgency for organizations to approach security proactively rather than reactively.
Security is a business problem, not just an IT problem, and executives are starting to recognize it as such. Every major attacker category is interested in stealing content assets, and all for different reasons, which makes it an immensely difficult position for defenders to handle. That was actually a primary motivator for Independent Security Evaluators when we committed to working here years ago, because we love solving complex problems.
One of the most crucial cybersecurity areas is surrounding applications. Adoption of applications is very rapid, and is fundamentally changing the business of content creation and distribution. Applications also entail a vast collection of attack surfaces for adversaries to pursue.
Ransomware has gotten a lot of attention. According to Forbes, cybersecurity firm SonicWall reported about 3.8 million ransomware attacks in 2015, which skyrocketed to 638 million attacks in 2016. The best way to protect against ransomware criminals is proper offsite backup, and it's critical to note that many organizations don't set up backups at all. Or if they do, they do so improperly, and so the primary data and the backup data often get compromised in the same event.
Although some people still fear the putting content in the cloud, this fear is irrational. We find that most people fall into one of three categories: irrationally confident in the cloud, irrationally afraid of the cloud, or somewhere in between. We advocate that everyone should be in that third category. A healthy dose of skeptical paranoia combined with a reasoned approach to risk-taking is how executives should consider pretty much any business decision, including whether to adopt cloud services.
Content assets are more at risk in a cloud environment than in physical media, because the attack requirements are lower. However, it is worth noting that the only unhackable system is one that is disconnected and buried in concrete - and how usable is that system? All aspects of any business make tradeoffs, and there are ways to utilize cloud services that are effective in minimizing risk.
The primary risks of utilizing cloud services are the same risks as not using cloud services: exploitable design flaws, exploitable implementation flaws, improper configuration, broken trust models, and so on. Fundamentally, the only difference between cloud and on-premise is that someone else owns the hardware. The manner in which an organization must consider adversaries, architect systems, and protect assets are essentially the same whether or not they own the hardware. Cloud actually even offers some security upgrades: while the primary tradeoff of utilizing cloud services is that an organization entrusts the data to someone else's hardware, the benefit return is that the cloud service providers are constantly investing in hardware upgrades, have extreme physical security measures in place, and have the latest and greatest of everything. A company that manages their own equipment on premise usually tends to not invest as heavily or as frequently in upgrades.
All studios require their technology vendors to undergo some sort of security testing prior to approval to access content, and most require the vendors to pay for it. In many cases, all organizations on both sides of that equation do not understand the assessment methodology that is required, and there is usually a drive towards cheap pricing rather than through assessment. But security is not overhead to be reduced, it is a business enabler to be invested in.
Bigger companies tend to be the more common targets, but smaller companies tend to be lesser able to defend themselves or afford adequate security measures. At the same time, smaller companies tend to be the engines of innovation, and the bigger companies (such as the studios) partner heavily with smaller companies (such as many of the technology vendors). Attackers know this. Malicious campaigns are often organized around what is known as a stepping stone attack, which is targeted at the smaller vendor companies that have lower defenses but the same access to the extreme valuable content assets. In the event of a compromise, both the small company and the big company thereby get hurt.
Steps companies should take right now to protect themselves are to understand and adhere to principles of secure design. I recently wrote a whitepaper on this topic, which you can read here. My advice is to invest in a proper security assessment, and avoid more cursory approaches like black box penetration testing, automated scaring, or reliance on compliance. Investigate your systems for weaknesses from the perspective of the adversary. Because, whether you do or do not approach your security weaknesses thoroughly, make no doubt about this: the adversaries will.
Most recent headlines
04/08/2024
Dalet, a leading technology and service provider for media-rich organizations, is excited to announce Santiago Solanas as its new Chief Executive Officer (CEO)....
03/06/2024
Dalet, a leading technology and service provider for media-rich organizations, a...
04/05/2024
NEW YORK As the Asian Pacific American Heritage Month kicks off in May, Nielsen has released an extensive new report diving into their media habits with data sh...
04/05/2024
PHILADELPHIA As National Military Appreciation Month gets underway, Comcast has announced several new initiatives to help veterans, service members, and their f...
04/05/2024
WASHINGTON, D.C. Federal Communications Commission chairwoman Jessica Rosenworcel has announced a tentative agenda for the May Open Commission Meeting scheduled...
04/05/2024
The Broadband Forum has announced major enhancements to key 5G convergence standards that the group said will help advance next-generation applications, improve...
04/05/2024
Spotify Wrapped Campaign Spot Graded With DaVinci Resolve Studio
Brie Clayton May 3, 2024
0 Comments
Blackmagic Design today announced that Colorist M...
04/05/2024
Three Boston Conservatory at Berklee Alums Nominated for Tony Awards An additional eight alums and two current students performed in nominated productions.
...
03/05/2024
An innovative learning tool to help media and civil society better understand ho...
03/05/2024
PARK CITY, UTAH - JANUARY 21: (L-R) Actors K stutis Cic nas and Greta Grinevi i t , Director Marija Kavtaradze and Producer Marija Razgute attend the 2023 Sunda...
03/05/2024
If you aren't familiar with Danny Ocean's music, it's only a matter ...
03/05/2024
Spotify has an unwavering commitment to supporting emerging artists across all genres, to helping them launch and thrive in their careers, and to connecting the...
03/05/2024
Como uno de los sonidos de mayor expansi n en el mundo, la M sica Mexicana va m ...
03/05/2024
As one of the fastest-growing sounds worldwide, M sica Mexicana is more than jus...
03/05/2024
NEW YORK FuboTV reported that it lost 110,000 subs in Q1 2024 but it exceeded its guidance for the quarter with double digit year-over-year increases across key...
03/05/2024
Only 3 Weeks Left To Enter The Creative Industries Most Award
Brie Clayton May 3, 2024
0 Comments
Creativepool is giving a last call to the creative i...
03/05/2024
WePlay Studios Transforms the Future of Live Event Storytelling with AJA Gear
Brie Clayton May 3, 2024
0 Comments
By 2032, the esports market is expec...
03/05/2024
WASHINGTON Shannon Bream, Fox News Sunday anchor and chief legal correspondent, sat for a keynote chat at The Business of TV News, with Tom Umstead, senior co...
03/05/2024
WASHINGTON Asked how important is local news, Martha Raddatz, who has covered foreign conflicts for decades and moderated presidential debates for ABC News, s...
03/05/2024
Sony Pictures and Apollo Global Management have made a $26 billion cash offer fo...
03/05/2024
CBS announced its 2024-2025 primetime schedule, which features the new dramas NCIS: Origins, Matlock and Watson, and new comedies Poppa's House and Georgie ...
03/05/2024
Sports-focused streaming service Fubo said it reduced its red ink in the first quarter, despite losing 110,000 subscribers since the end of the year....
03/05/2024
Walmart is reportedly about to release a new 4K streaming box/smart speaker hybrid device for Google TV that could retail for as low as $50, according to a repo...
03/05/2024
Enhancements to its Delivery Workspace solution provide increased content delivery robustness and security
By Matthew Corrigan
Published: May 3, 2024
Enha...
03/05/2024
According to reports, if the bid is successful, Sony would be the significant majority shareholder of the new private company
By Jenny Priestley
Published: M...
03/05/2024
Located in Manchesters Spinningfields district, the course aims to equip students with the skills, knowledge and industry insight for a career in the creative s...
03/05/2024
Lightbridge has created a new Cine Reflect Lighting System kit, dedicated to enabling artistic lighting with consideration of today's productivity practical...
03/05/2024
Broadcast media systems integrator BeckTV and Lawo worked together on a large-scale AES67 build of radio control rooms at KPBS, San Diego's NPR and PBS memb...
03/05/2024
Raleigh, NC, April 12, 2024 SmallHD announces PageOS 6, a powerful software update free for owners of SmallHD monitors, featuring increased functionality, exp...
03/05/2024
SmallHD announces the Quantum 32 a new 31.5 OLED monitor designed to provide reference HDR/SDR images for post-production final color grading, as well as cri...
03/05/2024
By 2032, the esports market is expected to grow to $9.29 billion, bolstered by a global player count and fan following that both continue to climb. The 2023 Lea...
03/05/2024
Amagi, the global leader in cloud-based SaaS technology for broadcast and connected TV (CTV), today announced that the 11th edition of the Amagi Global FAST Rep...
03/05/2024
Riedel Communications today announced that Westdeutscher Rundfunk (WDR) is relying on a media and intercom network based on Riedel technology for the renewal of...
03/05/2024
Broadpeak , a leading provider of content delivery network (CDN) and video streaming solutions for content providers and pay-TV operators worldwide, announced t...
03/05/2024
Media technology innovator Limecraft will exhibit the latest updates to its online platform on stand G79 at the 15-16 May 2024 Media Production & Technology Sho...
03/05/2024
Audio interface specialist Prism Sound is partnering with console manufacturer Solid State Logic, professional monitor manufacturer PMC and acoustic panel and d...
03/05/2024
Intinor, Sweden's leading developer of products and solutions for high-quality video over the internet, is set to join forces with its UK partner Zest Techn...
03/05/2024
NAKIVO Inc., a fast-growing software company dedicated to protecting physical, virtual, cloud, and SaaS environments, announced its Q1 2024 financial results to...
03/05/2024
Hiltron Communications announces an addition to its range of satellite communication products and systems: a field-upgradable motorisation kit specifically desi...
03/05/2024
Visit LiveU at Stand D30
With this year an exceptional one for major sporting events alongside multiple, key elections, the power and flexibility of LiveU'...
03/05/2024
Agile Content, the leader in the development of technology and solutions for the provision of television services over the Internet, announces Koldo Unanue as i...
03/05/2024
Eight co-signers representing streaming services, pay TV operators and public interest groups have sent a letter to Congressional leaders urging their Committee...
03/05/2024
BOSTON Brightcove has announced that it has implemented Amazon Q Business, a new generative AI assistant on Amazon Web Services (AWS)....
03/05/2024
NEW YORK CBS has declared that it will finish the 2023-24 season as Americas Most-Watched Network in primetime for the 16th consecutive season....
03/05/2024
A new survey indicates that U.S. businesses and consumers had an overall positive attitude towards their technology spending plans in the first quarter of 2024,...
03/05/2024
Sony and Apollo Global Management have sent an offer letter to Paramount Global's board of directors making an $26 billion all cash offer for Paramount Glob...
03/05/2024
EMG / Gravity Media has appointed Charlie Cubbon chief operating officer (COO) and Jamie Hindhaugh regional CEO for the U.K., U.S., Australia and the Middle Eas...
03/05/2024
Final 2024 Season Games to Air Saturdays on WRAL at 10:30am in May, Championship on June 1
Taping for the final episodes of the 2024 season of WRAL-TV's Br...
03/05/2024
Estrella MediaCo said it is expanding its connected TV portfolio by launching three new channels with Curiosity that will first appear on Samsung TV Plus....
by Debra Kaufman
