You will be redirected back to your article in seconds

Hollywood Under Cyberattack: How to Defend Against the Big Hack (Guest Column)

The Dark Overlord is threatening the content community. Time to unsheathe your lightsabers.

“The Dark Overlord,” of course, is the person or persons who took credit for stealing 10 episodes of Netflix’s “Orange Is the New Black” season five and then released them after the company rebuffed ransom demands — and more recently, leaked unaired episodes of ABC’s “Steve Harvey’s Funderdome,” obtained through the same hack. The cybercriminal has boasted of harvesting even more material from other studios.

Other hackers allegedly targeted Disney’s film unit, claiming to have obtained a major movie and threatening to release it if the studio didn’t make a ransom payment. Disney, working with the FBI, ultimately determined there was no successful hack in that case — though CEO Bob Iger said cybersecurity is a “front-burner” issue for the company.

Hacking may be decades old, yet holding hacked content hostage is a newer phenomenon. The infamous Sony hack in 2014, ascribed to the North Korean government, seems to have marked a turning point of sorts. Threats — whether via social-engineering attacks or unauthorized human intervention — are moving further up the content-handling chain and promise only to mount.

Consumers are not entirely sympathetic to the industry’s plight. Fully 32% of consumer say they watch pirated content, and 39% say they are unmoved by the potential financial damage to studios and others, according a survey commissioned by digital security tech firm Irdeto.

So what is piracy’s cost to the content community? Estimates vary widely, ranging from the $6.1 billion a year suggested by the MPAA and LEK Consulting to $20.5 billion annually in costs to the broader U.S. economy, per a MPAA-commissioned study by the Institute for Policy Innovation in 2006.

Claims about the economic impact of piracy are hotly contested. What is not in dispute is that the impact is greater the further up the supply chain piracy occurs. A single end user sharing a Netflix password costs the company $10 per month; a single download of pre-released content, such as “Orange Is the New Black,” could cost millions.

The risk is undeniable. It’s a problem studios and their partners do not need — and certainly do not need to exacerbate. What would make the problem worse? Panicking, and making bad decisions.

It has been suggested that studios and post-production houses might consider taking their video assets offline, handling them on-site via closed networks and thus reducing the option of automation. This would be an example of a bad decision — akin to the FBI working without the benefit of mobile communications.

Setting aside the increased costs, in terms of both labor and delays in getting content to market, there are a myriad of reasons offline processing might only compound security problems. Those include heightening the risk of data-entry error and introducing additional touch-points to the process that potentially increase the studio or post house’s vulnerability to an “inside job.”

Instead, the content community must think in terms of rigorous security procedures that are drummed into personnel, backed up by an audit trail that logs every person and event that touches a video asset.

Realistically, however, nothing is 100% effective against social-engineering attacks. But following some best practices for “process security” would reduce exposure:

  • Ensure all connections are secure. Lock down all network protocol ports that are unnecessarily open. Know what is connecting to what. Eliminate weak links in the chain. Surprisingly, there are still systems that use unencrypted HTTP rather than HTTPS.
  • Initiate two-factor authentication. Combining a password with a physical device or token provides is far more secure than using passwords alone.
  • Perform regular penetration testing. Check to make sure there aren’t holes in the security perimeter.
  • Consider implementing digital rights management (DRM) earlier in the production cycle.
  • Foster discussion and collaboration regarding security among disparate groups within your organization. Traditionally, production teams have assumed cybersecurity to be the province of the CIO, CTO and information-technology teams. In the new environment, everyone needs to be cognizant of the security strategy and policies.

Ultimately, people at all levels throughout the content community need to remember the mandate to protect the master copies!

Security is an issue that spans every part of the content lifecycle that no one organization can likely solve alone. But a heightened focus on process security — enabled by digital fingerprints — will help power those anti-hacker lightsabers.

Emily Hopson-Hill is global product director for media logistics at online video platform provider Ooyala.

Popular on Variety

More Digital

  • Mark Zuckerberg

    Zuckerberg Defends Facebook's Approach to Free Speech, Says Politicians Will Be Allowed to Lie

    Facebook CEO Mark Zuckerberg went to Georgetown University Thursday to explain his views on freedom of expression, and how it influenced Facebook’s policies around dealing with controversial subjects, including political ads that include outright lies. “I’ve focused on building services to do two things: give people voice, and bring people together,” Zuckerberg said. In his [...]

  • Kids' Programming Will Be a Battleground

    Why Kids' Programming Will Be a Major Battleground in the Streaming Wars

    When “Moana” left Netflix on Dec. 20, parents of little kids let out a collective wail of despair on Twitter and Facebook parenting groups everywhere. The phrase “ruined Christmas” was pointedly used in the streamer’s direction — sometimes facetiously, sometimes with the reflected ire of a preschooler who had awakened one morning to find her [...]

  • Nvidia Shield leak

    Nvidia Shield 2019 Model Leaks on Amazon

    The latest version of Nvidia’s Android TV streamer has found its way onto Amazon.com ahead of an official announcement. The new device features a more powerful processor as well as a new remote control. Nvidia didn’t immediately respond to a request for comment. The latest Nvidia Shield is being powered by a Tegra X1+ processor, [...]

  • Star Wars Jedi Fallen Order

    'Star Wars Jedi: Fallen Order': Respawn CEO on Telling the Story Behind 'Becoming a Jedi'

    When it comes to media properties, it doesn’t get much bigger than “Star Wars.” That sentiment certainly isn’t lost on Vince Zampella, CEO of Respawn Entertainment, the studio behind “Star Wars Jedi: Fallen Order.” The title, which follows Jedi Padawan Cal Kestis (voiced by Cameron Monaghan) after the events of “Episode III — Revenge of [...]

  • Star Wars Jedi Fallen Order

    'Star Wars Jedi: Fallen Order': What to Expect From EA and Respawn's Latest

    There’s a lot riding on “Star Wars Jedi: Fallen Order.” The upcoming title from EA and Respawn is the first major single-player “Star Wars” video game since 2008’s “The Force Unleashed,” and is one of the most anticipated games of 2019. After years of multiplayer adventures, could “Fallen Order” be the title that brings the [...]

  • Katie Couric Olympics

    Katie Couric Plots 'SeeHer Stories' for People Magazine

    Katie Couric’s next assignment: Creating digital videos for People. Couric’s media company, Katie Couric Media is teaming with the Meredith-owned magazine to produce the weekly digital video series “#SeeHer Story,” that will feature short vignettes of female trailblazers and rulebreakers. The series is meant to celebrate the 100th anniversary of the 19th Amendment, which prohibits [...]

  • Wonderscope Willowcrest Manor

    Within Adds 'Willowcrest Manor' Ghost Story to Its Wonderscope AR App (EXCLUSIVE)

    Los Angeles-based immersive media startup Within added another augmented reality (AR) story to its children’s storytelling app Wonderscope Thursday: “Willowcrest Manor” gives kids a chance to become a ghost, haunt a house, and scare intruders away from hidden treasure. Wonderscope, which is available for most recent-generation iPads and iPhones, lets children explore animated stories in [...]

More From Our Brands

Access exclusive content