We live in an era of instant gratification where customers increasingly expect products and services on demand. Media and Entertainment (M&E) is no different, with hyperconnected viewers, listeners and readers now seeking access to their favorite movies, sitcoms, music, live sports and other content anytime, anywhere.
This dynamic has fuelled the growth of a multi-platform content ecosystem, where M&E companies are delivering Internet protocol (IP)-based services such as online radio, hybrid TV, second screen and video on demand (VoD). As a result, your businesses are increasingly becoming an integral part of the cyber world, thereby becoming vulnerable to various security risks.
And, the risks are for real. The number of information security incidents detected by Entertainment, Media & Communications (EMC) organizations rose 26% to 7,674 in 2016, with the consequent financial losses soaring by 81%, according to a PwC survey.
Worryingly, the breadth and scope of cyber attacks are broadening by the day, even as you aggressively digitize your production, marketing and distribution to maximize content ROI.
Ransomware has emerged as a major attack vector, as highlighted by the recent pre-release pilfering of the latest sequel of a blockbuster movie produced by a leading US media conglomerate. A similar event transpired at a major over-the-top (OTT) streaming media and VoD company, where cyber thieves hacked into the production systems of one of its vendors, and uploaded fresh episodes of a TV series online.
Distributed denial of service (DDOS) and web application attacks remain another leading source of cybersecurity breaches across the M&E landscape. Here, miscreants typically try to crash websites by overloading them with requests, apart from hacking online applications having so-called unpatched flaws. The DDOS inflicted on a prominent Internet infrastructure company in late 2016, wherein users of dozens of M&E websites were denied access, underscores this threat.
Beside, spear phishing and piracy continue to pose significant risks to the security of M&E assets, not to mention the hefty monetary implications of content being distributed illegally through peer-to-peer (P2P) file sharing networks.
How to respond
Considering these different types of cybersecurity breaches, how can you then effectively address the underlying risks, and minimize the adverse reputational and business impact?
Here are five mitigating measures you could take to protect your intellectual property and boost profitability, while delivering differentiated and superior services to your customers:
- Institutionalize cybersecurity governance: Create awareness regarding cybersecurity among all key stakeholders across the value chain, including your partners and vendors. Build a dedicated team for clearly defining various objectives of content protection initiatives, and tracking the outcomes of the same. Also mandate this team with the task of establishing a robust security hierarchy for your organization. In tandem, you should define wide-ranging scenarios for potential breaches across your content delivery chain, and accordingly, derive probable security threats to take informed decisions regarding how best to execute corporate risk management programs.
- Enact third-party controls: Many of your partners in the production and post-production stages of the content lifecycle are small firms that lack the requisite resources to defend themselves against sophisticated cyber-attacks. Therefore, you must engage with them to get visibility into their information systems, in line with the guidelines framed by the Motion Picture Association of America (MPAA), for better network security management.
- Better design media applications: Merely focusing on the Digital Rights Management (DRM) aspect of content protection, won’t suffice in a thriving ecosystem of apps and Web-based services. You must ensure your front-end applications, such as those developed for Android and iOS mobile devices, are safe, in order to prevent hackers from using the same as entry points for content hijacking.
- Centralize incident management: Roll out centralized incident management programs spanning the end-to-end cyber-attack lifecycle, including Security Information & Event Management (SIEM), threat intelligence enhancement and forensic case management.
- Adopt best practices for “process security”: Enhance the security levels of connections across your IT landscape by using encrypted HTTPS protocols, locking down network ports that are unnecessarily open, and monitoring the various linkages. Also, embrace two-factor authentication, involving the usage of a physical device or token alongside a password, to make your workflows more robust. Simultaneously, conduct regular penetration testing to proactively detect and plug any holes in the security perimeter.
The importance of cybersecurity for your business will only continue to grow, as consumers–particularly the millennials–increasingly switch to digital channels for their dose of entertainment and information. New types of online attacks will emerge, requiring you to be agile, iterative and flexible in your response.