Cybersecurity: Don’t Leave the Door Open

Source: IABM Analysis of Verizon data

Cybersecurity has become a major concern for broadcasters and media organizations. Protecting their business systems, data and media assets from hacking is now a top priority.

A visit to the Cybersecurity and Content Protection Pavilion is a must for everyone concerned about cybersecurity, and vendors across the show floor are highlighting it. Steve Reynolds, CTO of IABM Platinum member Imagine Communications, explained why: “Our full range of customers across origination, content creation, production and distribution are all worried about security because their platforms are now more open and better connected, which are huge operational advantages but also bring security-related concerns.”

Located in the Central Hall, the Cybersecurity and Content Protection Pavilion will feature sessions on protecting information in the current cyber landscape, global digital production safety and Internet of Things security, among others.

Relatedly, the Broadcast Engineering and Information Technology Conference (BEITC) will also host numerous sessions addressing security in a live IP environment; protecting media production companies and consumer-owned and -managed devises against ransomware, and the associated costs of piracy and security breaches.

You may not hear about cyberattacks often because the reputational damage is highly embarrassing for companies, but they are happening with increasing frequency. Some notable recent cyberattacks directed at broadcast and media organizations have included: the hacking of three South Korean broadcasters in 2013, which led to the infection of their computer networks and compromising of customer data; the 2014 hacking of Sony Pictures Entertainment, reportedly compromising employee and customer data; the 2015 temporary closure of French broadcaster TVMonde’s network via multiple ingress points including remote-controlled studio cameras; and the 2016 hacking of a number of U.S. radio stations, resulting in unauthorized media going to air.

The broadcast and media industry is, of course, not alone in being a target for cyber criminals, but its direct relationship to millions of viewers and listeners — and their personal data — is making it increasingly attractive. Research by nScreenMedia in 2016 shows that 28 percent of media organizations admitted to having experienced a cyberattack. This research also highlights how media professionals are reluctant to share details on security breaches: 28 percent could well be an underestimate. According to the Verizon 2016 Data Breach Investigations Report, the entertainment industry suffered 38 cyberattacks with confirmed data loss in 2015.

This report finds that the main motive behind cyberattacks is financial — ransoming assets, for example, or obtaining customer personal and financial data for criminal exploitation. However, many hacks of broadcast and media organizations are allegedly driven by ideology; Sony Pictures and TV5Monde are possible examples of this. Even a grudge or grievance can be the starting point for a highly damaging cyberattack.

Wherever the threat originates and whatever the motivation, the industry is now taking the threat of cyberattack extremely seriously. A quick look at the potential cost of such an attack is one reason. A 2015 survey by the Ponemon Institute across 58 benchmarked public and private sector organizations put the average cost to a company of an attack at $15.4 million — ranging from $1.9 million to a staggering $65 million.

The cybersecurity options for end-users range from using in-house resources to relying on their cloud provider. It is perhaps counter-intuitive to use an outside resource, but cloud providers spend more than most individual organizations can afford on security — with hundreds of staff in some cases dedicated full-time to ensuring the security of their clients’ operations; their business after all depends 100 percent on preventing such problems. It is also incumbent upon broadcast and media technology suppliers to design safeguards of their own in the event that an attack gets through the outer door.

This does not mean that broadcasters and media organizations can just sit back and let a third party handle all their cybersecurity needs. A well-considered disaster recovery plan needs to be developed. Our industry has become more like a media factory — driving, measuring and recording all processes via the back office — and this is the way in for cyber-criminals. Don’t leave the door open for them; NAB Show is a great place to learn how to keep them out.