With cyber attacks on the rise, those in the media and broadcast industry need to be prepared and not playing catch up, says IABM Research Analyst Lorenzo Zanni.
Cyber attacks have become a major concern for broadcasters and media companies who are rapidly coming to terms with how exposed they are and how much is at stake.
That’s why Friday’s C-Tech Forum at IBC is wholly given over to the subject, bringing together chief technology officers, chief information officers, chief information security officers and chief data officers to discuss the threat, preventative strategies and how to manage a breach in the event of an attack.
You may not hear about attacks on media companies that often because the damage to reputations is at the very least highly embarrassing, but they are happening, with increasing frequency.
Attacks can be politically motivated, as organisations that don’t share a particular broadcaster or media company’s view of the world try to shut down their operations and damage their infrastructures and reputations.
More often financial gain is the motive – ransoming assets for example, or obtaining customer personal and financial data for criminal exploitation. Even a grudge or grievance can be the starting point for a highly damaging cyber-attack.
Recently there has been a growing number of well-publicised ransomware attacks where cyber criminals encrypt a company’s data and will only release the key to unlock it following payment of a ransom – nearly always in near-untraceable bit-coins.
Out of date operating systems or security are often blamed for giving cyber criminals easy access; indeed, in response to the WannaCry ransomware attack in May this year, Microsoft quickly released a patch for its antiquated Windows XP operating system to help protect the many people and organisations around the world who were still using it.
According to the IABM’s End-User Survey data, company size matters a great deal in cyber security. In fact, most organisations with less than 500 employees have not experienced any cyber-attacks in the last three years, while organisations with more than 500 have; for organisations with more than 10,000 employees the “yes” percentage skyrockets to 83%!
Moreover, most end-users (74%) consider it a top strategic priority in broadcast and media technology procurement.
Recognising this growing threat to its members’ businesses, the EBU published a series of recommendations on cyber security in 2016, including R143 – ‘Cyber-Security recommendations for media vendors’ systems, software & services’.
Vendors already, of course, have to conform to environmental standards, while end-user broadcasting and media companies will soon start setting their own security standards, and the EBU R143 gives a good idea of what these are likely to contain.
Most intrusions come through the back office, so a new level of cooperation is required between IT-based end-users and online technology suppliers.
The cyber security options for end-users range from using in-house resources to relying on their cloud provider.
It is perhaps counter-intuitive to use an outside resource, but cloud providers have hundreds of staff, in some cases dedicated full-time, to ensuring the security of their clients’ operations; their business after all depends 100% on preventing problems.
Imagine Communications Chief Technology Officer Steve Reynolds agrees.
He says: “The cloud is more inherently secure than a private data centre. Thousands of people at Google, AWS, Microsoft etc. have business cards with ‘security’ in their job titles – these companies understand how central security is to their and their customers’ businesses. A broadcaster may have a full-time staff but not at the same scale.”
Imagine Communications has also experienced a marked increase in customer awareness on cyber security. “This spans our full range of customers across origination, content creation, production and distribution,” says Steve Reynolds.
“All are worried about security because their platforms are now more open and better connected – which are huge operational advantages, but also bring security-related concerns. Every broadcaster has an understandable fear of an external agent being able to take their own content live to air in the broadcaster’s name.”
Don’t wait for someone else to set the rules for security compliance – work on security now to get ahead of the curve.
If you don’t embrace this early on, playing catch-up will be painful.
To run a facility efficiently today, you need to know where everything is and what goes with it – so the back office simply has to be connected to front office operations; this is the way in for cyber criminals. It’s become a serious problem. If you’re not already on top of it, you need to act now.