Among the challenges broadcasters and platform owners face today is restreaming, credential sharing, ransomware and hacking of content and data. IBC365 rounds up insight and tips from experts on cyber security.
The rise in streaming has led hackers to develop a whole range of scam websites pretending to offer Disney+, Netflix and US-based streaming service Hulu for free.
More than 700 fake websites mimicking Netflix and Disney+ signup pages have been created seeking to harvest personal information from consumers during the coronavirus lockdown streaming boom according to cybersecurity firm Mimecast, which reported the growth in websites impersonating the new streaming service.
Mimecast head of e-crime Carl Wearn said: “The Covid-19 pandemic and its resulting lockdown has left people with a lot more time on their hands at home. One way that British people are filling this time is with streaming services.
“This binge-watching comes with security risks, as cybercriminals look to take advantage of the uptick in television viewing. We have seen a dramatic rise in suspicious domains impersonating a variety of streaming giants for nefarious purposes. These spoof websites often lure unsuspecting members of the public in with an offer of free subscriptions to steal valuable data.
The data harvested includes names, addresses and other personal information, as well as stealing credit-card details for financial gain, the firm warned.
Wearn added: “My advice to the public is simple: if something looks too good to be true, then it probably is. Offers of free subscriptions are usually well-advertised and easy to find, so check the validity of any such claim before providing any information.”
- Read more: 365 playlist: Remote working
The media, entertainment and technology industry has been the target of some high profile cyber breaches from a variety of attackers with Netflix, WPP, Yahoo, TV5Monde and Sony Pictures Entertainment among those targeted.
Throughout the first few weeks of lockdown, broadcasters and streaming services reported surges in audiences tuning in with a report from Nielsen forecasting streaming to rise 60% because of coronavirus and three-fourths of consumers having added additional streaming subscriptions.
At the end of last year, overall access to pirated content in Europe dropped more than 15% according to a report by European Union Intellectual Property Office.
It found the consumption of pirated online film, television and music content between 2017 and 2018 fell 15.1% on average with the fastest decline seen in the consumption of pirated music which dropped 32%.
However, with isolation creating significant free time for users, and, streaming hours increasing, securing assets is ever more important for the media and entertainment sector.
IBC365 rounds up its latest cyber security features from hacking experts, ways to keep content safe in the era of IP and a spotlight on why productions should focus on security.
1. Experts call on PSBs to push the cyber security agenda
Public service broadcasters (PSBs) must secure assets to safeguard for the future as they increasingly have become targeted by malicious cybercrime as the adoption of cloud-based workflows rise.
Restreaming, password sharing, and theft of data are some of the major problems facing PSBs today. While platform owners and production studios often feature in the headlines, PSBs also need to proceed with caution.
IBC365 spoke with experts from Channel 4, Connect Devices co-founders, France TV, the DPP and the Alliance for Creativity and Entertainment (ACE) on ways to protect content, procedures and protocols with an industry wide movement to audit and mitigate cyber breaches.
France TV chief information security office David Garcia said: “FTV is targeted as well as other companies, so cybersecurity is very important.
“We are engaged with several organisations and we participate actively to the Media Cyber Security group of the EBU.”
The Media Cyber Security group started by the EBU acknowledges that once a broadcaster is targeted and counter measures are in place, the sensitivity of security issues means other broadcasters could fail to benefit from lessons they learn.
2. Keeping content safe in the IP era
The broadcast industry has been moving towards live production over IP networks for years, and the benefits of such a transition are compelling. Production and broadcast over IP is more agile, more cost-efficient, and with fewer constraints than previous transportation methods such as SDI.
IP does of course also bring certain challenges for the broadcast industry. One of the biggest hurdles to overcome is reducing the security risks in this more complex environment. Services can be disrupted, content can be pirated, and cyberattacks are a clear and present danger.
Akamai’s 2019 State of the Internet/Security report titled Media under assault provided a sobering assessment of the threats to broadcasters. Jaspal Jandu, group CISO at Akamai, noted that with today’s shift to IPTV and over-the-top (OTT) streaming, “the risks are both dramatically increased and more complex to manage”.
Internet-based attacks such as Distributed Denial of Service (DDoS) have been a threat in other industries for years, but are now bringing a new level of risk for broadcasters. Jandu said: “The new world of live IP TV, where much of the world’s media is consumed, means that any attack on availability could result in subscriber retention issues, hit ad revenue, and reduce the chances of future successful bids for rights. There aren’t second chances on live TV.”
3. Breaching ethically to mitigate PSB cyber hacks
Ethical hacking evangelist and public service broadcaster advocate Inti De Ceukelaire spoke to IBC365 on the importance of privacy, credible broadcasting and probing infrastructures for vulnerabilities.
De Ceukelaire is head of hackers at Intigriti, which is a crowdsourced security platform where hackers, researchers and companies can meet to explore bug bounty platforms and ethical hacking with the common aim to identify and tackle vulnerabilities online in a cost-efficient manner.
Looking at the ways in which user data is stored, content platforms use algorithms to curate content recommendations, and it is a broadcaster’s responsibility to harness the public’s privacy. This means the need for PSBs to work with ethical hackers is critical.
Admitting his natural bias, he claims it is the “civic duty” of PSBs to listen to the public and take on board cyber security as an important matte -r up there with budget, business strategy and technology innovation.
“There will always be ways to steal content and piracy breaches across the film and television industry, but it is more important for broadcasters to look for alternative piracy solutions because they will not go away any time soon,” he said.
4. Creating Spotify for sports to counter piracy
As fast as technology has helped to bring the action of sports closer to fans it has also led to a boom in the presence of piracy as a threat to rights holders and broadcasters.
Can piracy force OTT platforms to innovate beyond seamless user experience (UX) and personalised recommendations? The music industry provides a compelling example in combatting breach of copyright.
Speaking during the SportsPro OTT Summit in Madrid last November in the session ‘Piracy forcing innovation,’ Eleven Sports global head of digital projects Chris Tyas explained that innovating user experience on OTT platforms can often stem piracy.
There is no such thing as exclusive rights because everything can be found within minutes, online for free. As a broadcaster that is very challenging, across all markets we are competing against a free product,” he said.
“If you want people to part with money your offering needs to be far superior.”
The nature of live sports piracy is a challenge for both broadcasters and rights holders.
Canal+ Group global content protection partnerships Vincent Helluy said: “We have to be fast when we are fighting piracy for sport.”
- Read more: Online piracy: OTTs battling back
5. Why productions should focus on security
Security is a key concern for the media industry but security needs to be integrated into production cycles from the start, according to HBO’s Marc Zorn.
Zorn, who is head of production security at HBO, explained that while cyber security for distribution and post-production is often well-established, it can be overlooked in the main production cycle.
“Traditional infosec works well across most industries, with security professionals generally well-trained people who know what they are doing,” he said during SMPTE’s security track on the third day of the LA conference.
“It’s easy to think this would apply to any industry but it doesn’t always apply one-to-one to an industry as dynamic as media and broadcast.”
The rapidity of production cycles, especially on shoots that span multiple locations and temporary sets, means setting up secure enterprise networks is often an afterthought. Yet that same need for speed during a shoot means there is little time to set up additional security, said Zorn.