As government departments and companies around the world assess the damage caused by the WannaCry ransomware attack, security experts have warned of the increasing cyber threat to broadcasters and media organisations.

On Friday, it emerged that the malicious WannaCry software had spread around the world, exploiting a flaw in Microsoft software to block users from their data unless they paid a ransom using Bitcoin.

In a blog post, Microsoft President and Chief Legal Officer Brad Smith said the malware used in the attack had been “drawn from the exploits stolen from the National Security Agency, or NSA, in the United States”.

W cry screengrab cropped

WannaCry: the screen which greeted victims of the hack

Microsoft had previously released a security update to patch the vulnerability but, as Smith explained, “many computers remained unpatched globally. As a result, hospitals, businesses, governments, and computers at homes were affected”.

In the UK, 61 NHS organisations have been affected and according to reports, Germany’s rail network Deutsche Bahn, Spanish telecommunications operator Telefonica, US logistics giant FedEx and Russia’s interior ministry are among other organisations targeted around the world.

It is not yet clear if any broadcasters have fallen prey to the WannaCry malware, but security expert and founder of Thinkst Applied Research Haroon Meer warned of the inevitability of attacks perpetrated against media organisations as the industry becomes more connected.

“Broadcast is at the centre of an almost perfect storm,” he told attendees of last week’s Future of Media Leaders’ Summit in Qatar.

“It didn’t used to matter if you weren’t secure because you weren’t exposed. You had an unlocked house but it was in a very safe neighbourhood.

”Recently, with convergence and TCP/IP (transmission control protocol/internet protocol), your house is moving into a much worse neighbourhood…breaches will happen, the important question is how you respond.”

C-Tech Series: Cyber Security Forum

At IBC2017, an invitation-only forum on Friday 15 September will examine what the cyber war means for broadcasters, how to anticipate the next threat and how to manage a breach. Click here for more information

In a thought leadership article for IBC365, last week Arqiva Chief Information Security Officer Denis Onuoha expressed a similar point of view. He said: “The broadcast industry is at a stage where it is moving to cloud-based and IP systems and embracing other forms of disruptive technology. This adoption has brought with it security vulnerabilities that simply didn’t exist previously.”

Before speaking at the Al Jazeera-hosted event in Doha, Meer examined software from broadcast vendors and found that only one of the eight pieces of software had opted into modern security standards.

“The only reason we are not seeing worms in broadcast yet is that broadcast has been living in this isolated environment. As soon as it gets more exposure it’s going to get hit and it will be hit ridiculously hard.”

Meer also argued that increasing anti- media sentiment, particularly in the US, suggested an increase in aggression towards broadcasters and news media.

Constant attacks

Speaking with IBC365, Al Jazeera Media Network CTO/CIO Mohamed Abuagla revealed that investment in security was a key priority for the Doha-based broadcaster.

“We have to invest a lot of time and effort in security. I am trying to make sure we bring up not only the posture and the safety net of security within our organisation, but we also have an obligation to work with the industry to help them bring up their game as well.”

He revealed that there is an “immediate correlation” between the stories Al Jazeera broadcasts and the type of attacks it is subject to.

He said: “For example, if we ran a story on government corruption in China, I would get Chinese attacks. Or, if we had a story on the website about cyber espionage in Russia, we would have Russian attacks, and if there was a story about the regime in Syria attacking its own people, we get Syrian attacks. It is that granular. It basically means that if we speak, we get attacked. So we continue to need to keep our game up.”

To help counter the threat, Meer advised broadcasters and vendors to adjust their mindset. “You need to understand that your organisations and software will be breached,” he said.

Haroon meer cropped

Haroon Meer: Thinkst founder

“It is completely impossible that you won’t be breached, the question is how quickly you react and how you contain it once it happens.”

Meer cautioned delegates against concentrating their efforts on technology and processes. Instead, he said the focus should be on hiring the best people.

He said: “People say that security is about people, process and technology, but I am telling you that is wrong; it is about people, because if you have the right people, they will put in the process and technology that you need. But if you have the wrong people, all the process and technology in the world will not save you. You need to find the right people and then keep them.”

Meer pointed to the size of the Chrome browser security team as an example of how seriously the threat to cyber security should be taken.

“In 2016, the Chrome security team had around 32 people working fulltime just on security, because that is what it takes.”

Addressing the vendors in the room, Meer said: “If you have two or three people and you test code once or twice a year, you are fooling yourself…the only reason you are not getting hacked is because you are not facing that level of scrutiny yet.”