Film Industry’s Fight Against Cyber Attacks
Making a feature film or television series is an expensive exercise. Production costs and marketing can push even a modest project into the multi-million dollar category. t’s these costs, together with the need to recoup them through distribution deals, that has studios increasingly concerned about the threat posed by hackers. Stolen content posted on the internet can cause a drop in box office sales and a dip in television audiences.
The issue was highlighted earlier this year when a hacker dubbed the Dark Overlord stole multiple episodes of the hit Netflix series Orange Is the New Black and released them online after failing to secure a ransom payment. The cyber-criminal has boasted of harvesting even more material from other studios.
Meanwhile other hackers allegedly breached Disney’s film production unit and claimed to have obtained a major movie. They then threatened to release it if the studio didn’t make a ransom payment. Disney, working with the FBI, ultimately determined that no hack had actually taken place however the event pushed cyber security high up the company’s priority list.
Hacking might have been going on for decades, however holding hacked content hostage is a more recent trend. The hacking of entertainment company Sony in 2014, ascribed to the North Korean government, seems to have marked a turning point. Attacks, whether via social-engineering or unauthorised human intervention, are shifting up the content-handling chain and promise to become more expensive for content creators if they succeed.
Interestingly, consumers are not totally sympathetic to the plight of the industry. Industry research reveals around a third of consumers admit to watching pirated content and are unmoved by the potential financial damage it causes to studios.
Totalling the cost of piracy to content creators is difficult and industry estimates vary widely. There is widespread agreement, however, that the amount is in the billions of dollars each year.
The risk is undeniable and content creators are constantly searching for ways to counter it. It’s been suggested that studios and post-production houses should take their video assets offline and handle them internally via closed networks, however this is not the best answer to the problem.
While nothing is 100 per cent effective against social-engineering attacks, following some best practices for security can reduce exposure. They include:
– Ensure all connections are secure: Lock down all network protocol ports that are unnecessarily open. Know what is connecting to what and eliminate weak links in the chain. Surprisingly, there are still systems that use unencrypted HTTP rather than HTTPS.
– Initiate two-factor authentication: Combining a password with a physical device or token provides is far more secure than using passwords alone.
– Perform regular penetration testing: Check to make sure there aren’t holes in the security perimeter. Regular testing is essential.
– Consider DRM: implementing digital rights management (DRM) into the production cycle can strengthen security and thwart illegal access and copying.
– Foster discussion: Ensure everyone in the organisation is aware of security best practices. Traditionally, production teams have assumed cyber security is handled by the IT department however, in this new environment, everyone needs to be aware of the risks.
Cyber crime is an issue that spans every part of the content lifecycle and no single organisation can solve it alone. However, having a heightened focus on process security will help keep movies and television shows as secure as possible. The result will be a more resilient industry better able to deal with the challenges of operating in a digital world.
Source | cso