The 2014 hack at Sony Pictures Entertainment was a watershed moment for the entertainment industry. This week, yet another targeted attack — this one against HBO — reminds us that cybercriminals continue to target Hollywood.
It certainly won’t be the last attack. The challenge: The entertainment industry remains in a digital growth spurt and keeping up and protecting its sprawling supply chain has proven difficult.
In 2016, the media and entertainment sector was among the top five most-breached industries. There were 37 publicly reported breaches compromising more than 42 million records last year among media and entertainment companies, according to the IBM X-Force Threat Intelligence Index.
Most of that represents the theft of personal information like Social Security numbers and credit card numbers, as well as emails and sensitive company information — all of which are of great value to criminals. But it doesn’t take into account hackers’ latest and often more attractive target: content. Not only are entertainment companies tasked with protecting an enterprise with sensitive data of all types, they must secure the high-profile content that’s the lifeblood of the industry.
Everyone Wants Their 15 Minutes of Fame
The blockbuster success of the most popular movies, TV shows and digital content are making the industry one of the hottest targets for hackers looking to make a name for themselves and for sophisticated cybercriminals to make a buck. Spoilers about the buzziest new show or film can be used for extortion, profit or just to give an aspiring hacker credibility on the dark web.
From pre-production casting calls and budget discussions to filming during production, all the way through post-production and finally distribution — we’re looking at a lot of hands and eyes on a single project. Take “Game of Thrones”: More than 3,500 people are credited with working on it. While every person has a unique contribution to the content-generation lifecycle, the scope creates heightened risk and additional exposure to cybercriminals.
Securing a team of thousands — particularly when many are third-party partners — is a lofty undertaking. But there are key steps that media and entertainment managers can take to protect their content and information.
1. Digital Security Background Checks: Before working with third-party vendors, understand how they approach security, assess their software, network, applications, cloud environments, and personnel to ensure it meets your standards. Insist they regularly train employees on ways to identify suspicious activity and phishing emails.
2. Stop, Collaborate and Listen: Digital rights and content-management solutions are a great way to share and control how entertainment companies can collaborate on content without putting it at risk of being compromised. Whether that’s personal information, a script or a full feature film, there are tools and technologies designed to enable secure and efficient collaboration. The key is monitoring and managing who has access – and for how long.
3. Be Aware, Be Very Aware: Security awareness training is key to creating a culture of security. Conduct regular training and implement employee-awareness programs to minimize the human factor – often the entry point for hackers to gain access to company networks. Consider rehearsing a breach with employees and third parties from across an organization to experience simulated cybersecurity tactics in real-life scenarios.
4. Being Prepared Isn’t Just for Boy Scouts: With increasingly sophisticated threats and the cost of data breaches soaring, organizations need to focus on creating swift and efficient responses before incidents occur. Assemble the right team and engage in proactive efforts to improve your security posture. Identify the critical data within your organization. Know where it lives, how it lives, and ensure it is protected.
If content is king, then media and entertainment companies need to take every possible measure to protect its royals. By adopting a holistic, risk-based approach to secure and enable the business — one that includes partners — companies can cultivate a culture of security, so they’re prepared for an attack before cybercriminals come looking for holes to burrow through.
Ahmed Saleh is the global lead, incident response and proactive services, for IBM X-Force IRIS, which provides cybersecurity services, incident management, security intelligence, and remediation. Prior to joining IBM, he spent five years at Disney-ABC Television Group and the Walt Disney Co. working in information security and content technology.