Cyber attacks in the entertainment industry: Protecting your talent, reputation and bottom line
Author: Phil Muncaster
The media and entertainment sector is an unusually diverse and digitally advanced industry. Yet these same unique characteristics mean it is more exposed to internet-based threats. And that makes effective cyber security in the entertainment industry nonnegotiable.
The good news is that despite its relatively large attack surface, the vertical is no different from any other in how it should protect itself. To prevent cyber attacks in the entertainment industry, focus on a layered, best practice security approach that begins with gaining insight into your organization's key vulnerabilities.
How exposed is your business?
The media and entertainment sector covers a huge sweep of organizations, ranging from TV and film production companies to TV and radio broadcasters to newspaper, magazine, book and online publishers, among many others. The supply chain is a key source of risk simply because there are so many moving parts that typically interact with each other in the industry. Key assets could be scattered across multiple companies around the world as content is created, processed, edited and distributed.
The bottom line: Even if your organization is secure, can you say the same about your partners, suppliers and talent?
Your organization could also be exposed thanks to:
- Mass remote working. Even outside of COVID-19, experts claim that creatives tended to work remotely, in a highly collaborative manner and often from personal devices. The trend is even more pronounced today with many more employees working from home, and security can suffer as a result.
- High-profile content. Content in the entertainment industry is as high-profile as it gets and therefore presents an attractive target to cyber criminals and hacktivists keen to monetize it or accrue notoriety by leaking it.
- Social media. Social media is critical in helping talent engage with fans and brands build communities to drive marketing campaigns. But this also exposes them to account hijacking, which could severely damage the reputation of companies and entertainment stars. The threat is not just one of fans clicking on malicious links in a hijacked feed, but also the posting of violent, sensitive and explicit content.
- Web-based assets. Digital assets such as streaming portals, ticketing sites and internal applications proliferate in the sector, offering many more avenues of attack for cyber criminals well-versed in targeting hidden vulnerabilities.
How big is the problem?
A study by insurer Hiscox last year claimed that technology, media and telecoms (TMT) was one of the most heavily targeted sectors during the reporting period, with 44% of firms suffering at least one incident or breach. The motivation for attacks is notably wide-ranging, with nation-states, hacktivists and cyber criminals all posing a threat. What are they after?
Theft of content for piracy or profit
The growth of online streaming has made pirated content a bigger risk than ever before, accounting for billions of views—and billions of lost dollars. Hackers have also held stolen content hostage. In 2017, the Dark Overlord group posted 10 episodes of the TV series "Orange Is the New Black" despite having been paid a $50,000 Bitcoin ransom.
As in many other industries, ransomware is a persistent threat and can strike any point of the supply chain. Last year, New York law firm Grubman Shire Meiselas & Sacks, which represents some of the industry's biggest stars, was hit by the REvil group, which demanded tens of millions of dollars in return for stolen data on some big-name clients.
Nation-state propaganda or disruption
Media and entertainment companies might also be vulnerable to state-backed attempts at economic espionage, distribution of propaganda or other goals. Perhaps the most infamous case was the 2014 breach of Sony Pictures Entertainment by North Korean hackers, who leaked a trove of embarrassing internal emails. In 2015, Russian hackers masquerading as ISIS operatives disrupted broadcasts at French news station TV5 Monde for hours and wreaked havoc on its social media accounts and website.
Defrauding customers and fans
Unlike some other sectors, entertainment and media companies can boast highly engaged and often loyal customers. That also makes them an attractive target. By hijacking the social media accounts of stars, attackers can post malicious links and scams, such as the Bitcoin fraud campaign that hit the Twitter accounts of Kim Kardashian, Kanye West and others last year. Customer accounts for streaming services are also in high demand on the dark web.