by Debra Kaufman
Security has become an area of great concern in the media and entertainment industry, since the Sony hack in 2014. This year, TheDarkOverlord hacked Larson Studio and released most of the fifth season of Orange Is the New Black, and later hacked ABC's Good Morning America Twitter accounts. How worried should you be? And what can you do to protect your company? HPA spoke with security expert Ted Harrington, executive partner at Independent Security Evaluators to find out.
Awareness about security is indeed increasing. It is important to note, however, that the threats to M&E aren't necessarily increasing, but rather awareness about those threats. These challenges have existed all along. The Sony breach was a catalyzing event that heightened the urgency for organizations to approach security proactively rather than reactively.
Security is a business problem, not just an IT problem, and executives are starting to recognize it as such. Every major attacker category is interested in stealing content assets, and all for different reasons, which makes it an immensely difficult position for defenders to handle. That was actually a primary motivator for Independent Security Evaluators when we committed to working here years ago, because we love solving complex problems.
One of the most crucial cybersecurity areas is surrounding applications. Adoption of applications is very rapid, and is fundamentally changing the business of content creation and distribution. Applications also entail a vast collection of attack surfaces for adversaries to pursue.
Ransomware has gotten a lot of attention. According to Forbes, cybersecurity firm SonicWall reported about 3.8 million ransomware attacks in 2015, which skyrocketed to 638 million attacks in 2016. The best way to protect against ransomware criminals is proper offsite backup, and it's critical to note that many organizations don't set up backups at all. Or if they do, they do so improperly, and so the primary data and the backup data often get compromised in the same event.
Although some people still fear the putting content in the cloud, this fear is irrational. We find that most people fall into one of three categories: irrationally confident in the cloud, irrationally afraid of the cloud, or somewhere in between. We advocate that everyone should be in that third category. A healthy dose of skeptical paranoia combined with a reasoned approach to risk-taking is how executives should consider pretty much any business decision, including whether to adopt cloud services.
Content assets are more at risk in a cloud environment than in physical media, because the attack requirements are lower. However, it is worth noting that the only unhackable system is one that is disconnected and buried in concrete - and how usable is that system? All aspects of any business make tradeoffs, and there are ways to utilize cloud services that are effective in minimizing risk.
The primary risks of utilizing cloud services are the same risks as not using cloud services: exploitable design flaws, exploitable implementation flaws, improper configuration, broken trust models, and so on. Fundamentally, the only difference between cloud and on-premise is that someone else owns the hardware. The manner in which an organization must consider adversaries, architect systems, and protect assets are essentially the same whether or not they own the hardware. Cloud actually even offers some security upgrades: while the primary tradeoff of utilizing cloud services is that an organization entrusts the data to someone else's hardware, the benefit return is that the cloud service providers are constantly investing in hardware upgrades, have extreme physical security measures in place, and have the latest and greatest of everything. A company that manages their own equipment on premise usually tends to not invest as heavily or as frequently in upgrades.
All studios require their technology vendors to undergo some sort of security testing prior to approval to access content, and most require the vendors to pay for it. In many cases, all organizations on both sides of that equation do not understand the assessment methodology that is required, and there is usually a drive towards cheap pricing rather than through assessment. But security is not overhead to be reduced, it is a business enabler to be invested in.
Bigger companies tend to be the more common targets, but smaller companies tend to be lesser able to defend themselves or afford adequate security measures. At the same time, smaller companies tend to be the engines of innovation, and the bigger companies (such as the studios) partner heavily with smaller companies (such as many of the technology vendors). Attackers know this. Malicious campaigns are often organized around what is known as a stepping stone attack, which is targeted at the smaller vendor companies that have lower defenses but the same access to the extreme valuable content assets. In the event of a compromise, both the small company and the big company thereby get hurt.
Steps companies should take right now to protect themselves are to understand and adhere to principles of secure design. I recently wrote a whitepaper on this topic, which you can read here. My advice is to invest in a proper security assessment, and avoid more cursory approaches like black box penetration testing, automated scaring, or reliance on compliance. Investigate your systems for weaknesses from the perspective of the adversary. Because, whether you do or do not approach your security weaknesses thoroughly, make no doubt about this: the adversaries will.
Most recent headlines
17/02/2025
TVBEurope talks to the team who brought a piece of broadcasting history back to life on BBC Wales last night
By Jenny Priestley
Published: February 14, 2025 ...
17/02/2025
Eligible studios will receive the relief directly from their local authorities, with no need to submit a claim
By Matthew Corrigan
Published: February 17, 20...
17/02/2025
As DEI initiatives come under pressure in the USA, supporters of Rise, which promotes diversity in the media and entertainment sector, discuss the continuing im...
17/02/2025
EIB Global loan will partially fund SES's continued O3b mPOWER medium earth orbit (MEO) fleet expansion enabling additional capacity worldwide. O3b mPOWER s...
15/02/2025
At Nielsen, Business Resource Groups (BRGs) play a critical role in nurturing a ...
15/02/2025
Innovation to empower creativity: Explore the latest in Lightroom
Rob Christensen February 15, 2025
0 Comments
Whether you want to remove distracting ...
15/02/2025
Wisycom, a worldwide leader in RF technology and provider of wireless solutions, announces a new distribution agreement with EQUAPHON. An Argentinian profession...
15/02/2025
DPA Microphones, the leading manufacturer of high-quality microphone solutions, is pleased to welcome Nicholas Nick Mariano and Vincent Vince Divine to the ...
15/02/2025
Tuxera, a leading provider of quality-assured file systems and networking solutions, will showcase how Tuxera Fusion SMB enables unprecedented performance for m...
15/02/2025
Bitmovin's latest Video Developer Report indicates an increasing role of AI, the slow adoption of next-generation codecs, and continuing challenges when it ...
15/02/2025
When Michelin Enterprises set out to promote its prestigious Hotel Guide in the new Sleepless in the Kitchen , campaign, veteran German/Slovenian gaffer Robert...
15/02/2025
Formula E, the world's first all-electric racing series, revolutionizing motorsport with cutting-edge technology and a commitment to sustainability has sele...
15/02/2025
Agile Content, a global leader in TV and video technology solutions, announces its rebranding to AgileTV.
The transition to AgileTV stems from a commitment to ...
15/02/2025
Hiltron Communications will promote the latest additions to its range of satellite communication products, systems and supporting services at GovSatCom 2025. Th...
15/02/2025
Following the success of the original Airglow Booklight, DoPchoice debuts a new addition to their inflatable line the Float. This lightweight, inflatable, round...
15/02/2025
LAS VEGAS Marshall Electronics has announced that it will debut its newest camera controller, the RCP Plus, at the 2025 NAB Show at Booth N2649 between April 5 ...
15/02/2025
ATLANTA Gray Media has named Blake Sebo as the next general manager of KTUU and KYES, Gray's NBC and CBS affiliates in Anchorage, Alaska....
15/02/2025
KOKKEDAL, Denmark DPA Microphones will feature its new CORE+ technology for distortion-free microphone sound at the 2025 NAB Show, April 5-9, in Las Vegas....
15/02/2025
SWANSEA, U.K. QuickLink will launch StudioPro-NDI and StudioPro-3, two new models of its QuickLine StudioPro video production platform, at the 2025 NAB Show, Ap...
15/02/2025
Live From 2025 NBA All-Star Game Weekend: After 25 Years, Turner Sports All-In F...
15/02/2025
NASCAR Driver Cam on Max Embraces Cloud-Based Workflow for 2025 Season Chris Brown of WBD Sports says Mobii will play key part in delivering signals from the tr...
14/02/2025
Last month, we officially launched the Spotify Partner Program, a powerful new m...
14/02/2025
From an island off the coast of Lutruwita to the global stage in France SBS & ...
14/02/2025
The future of electro-optical/infrared (EO/IR) land systems is evolving so that ...
14/02/2025
Here are 5 reasons why you should attend ISE 2025
Discover more about Calrec: Learn more about Calrec's legacy of innovation in broadcast audio solutions ...
14/02/2025
World Radio Day: On the same wavelength
By Graham Murray, International Sales Manager at Calrec
To mark World Radio Day, Calrec's International Sales Ma...
14/02/2025
DALLAS and TYSONS, Va. Tegna has concluded a broadcast rights agreement that makes Tegna's KFAA in Dallas the exclusive local television partner of the Dall...
14/02/2025
Amazon's Prime Video has released a new app for Apple TV that the streamer said delivers an improved streaming experiences with faster scrolling, improved s...
14/02/2025
CLEVELAND Telos Alliance announced a software update for its Axia Quasar XR and SR line of audio-over-IP (AoIP) mixing consoles and will show the offering at th...
14/02/2025
Puget Systems Returns to HPA Tech Retreat 2025 with New Analysis Tools for Puge...
14/02/2025
Glass Animals: Tour of Earth Uses Blackmagic Live Production Workflow
Brie Clayton February 14, 2025
0 Comments
80six deploys Blackmagic URSA Broadcas...
14/02/2025
A dispute between Paramount and Youtube TV that would have pulled CBS stations and Paramount's cable channels from the streaming service has been temporaril...
14/02/2025
Colourist Deidre (Dee) McClelland details how she helped shape the distinct look and feel of whimsical Oscar-nominated stop-motion film, Memoir of a Snail
By C...
14/02/2025
BitFire said it intends to introduce forward-looking services that simplify the launch of live production workflows, and enhance real-time collaboration
By Jen...
14/02/2025
The claim by the liquidators is the latest twist in the ongoing saga of the companys collapse at the end of 2021
By Matthew Corrigan
Published: February 14, ...
14/02/2025
A carriage dispute between YouTube TV and Paramount could come to a head today (Feb. 13), with the virtual pay TV provider threatening to pull all of the progra...
14/02/2025
ENGLEWOOD CLIFFS, N.J. LG Electronics USA has opened a new in-house, state-of-the-art virtual production studio at its 360,000-square-foot North American headqu...
14/02/2025
NEW YORK In a bid to help local broadcasters find new ways of monetizing their content, the Coalition for Innovative Media Measurement (CIMM) and TVB have relea...
14/02/2025
WASHINGTON Three Democratic U.S. Senators have sent a stern letter blasting FCC Chair Brendan Carr for the weaponization of the agency for attacking broadcast...
14/02/2025
Years after launching the streaming service Apple TV+ in November of 2019, Apple has finally released a version of its steaming app for Android devices....
14/02/2025
FOOTHILL RANCH, Calif. Red Digital Cinema will make its V-RAPTOR [X] and KOMODO-X camera systems available with Nikon's premier Z Mount, providing filmmaker...
14/02/2025
DAYTONA, Fla. The Fox Sports production of this year's Daytona 500 will see the addition of a few new tech elements and the continued unfolding of the broad...
14/02/2025
Watch Bryson Battles Blind Audition on The Voice Get a Four-Chair Turn Michael Bubl said the Boston Conservatory at Berklee musical theater senior might have...
14/02/2025
2025 Daytona 500: FOX Sports Looks To Ride Super Bowl LIX Momentum Into NASCAR S...
14/02/2025
14 Feb 2025
VEON's Kyivstar and the Come Back Alive Foundation Raise USD 2....
14/02/2025
Max Renews THE PITT, Starring Noah Wyle, For A Second Season
Max
Warner Bros. Television Group
The Pitt
New Episodes Of The Medical Drama From John...
14/02/2025
This year, Technicolor proudly celebrates 110 years of shaping the magic of cinema pioneering color, visual effects, and innovation that bring unforgettable l...
14/02/2025
NBA All-Star: More Games, More Teams, More Music, More Sound From the Court Turner Sports' team will deploy familiar tech to capture all the audio By Dan D...
14/02/2025
LIV Golf Continues To Innovate With Drones, Data-Driven Graphics, and All-Access...
by Debra Kaufman
