So, the big topic that is on the tip of every Tom, Dick and Harry’s tongue is content security. Chances are, you’ve heard that a few high-profile companies have fallen victim to ruthless cyber-attacks recently. As Simon Harper, channel marketing manager, Sony has said: “it sounds like a mediocre science fiction film, doesn’t it?” In fact, Simon has pointed out that the National Cyber Security Centre’s ‘Cyber Security Break Survey’, published in April, revealed that nearly seven in ten large businesses identified a breach or attack in 2016. Scary, right?
If you haven’t heard of the Workflow Innovation Group (WIG), it was started back in 2009 by a group of small companies dedicated to solving the woes of the broadcast technology community. Right now, we are on a mission to tackle the thorny and painful issue of content security. Our next event is in October this year at the Principality Stadium, Cardiff, where we are all going to be learning from the broadcast community about the challenges they are facing and what they are doing about it. We will also be discussing the best ways to combat those challenges using technologies that are integrated into the way that they work.
But first, we’re going to explain to you exactly why the recent scandals are simply a drop in the ocean. It is happening to everyone – and it could happen to you.
It’s everywhere
The truth that most of the industry doesn’t want to acknowledge is that it isn’t just high-profile targets that are being hit by this wave of cyber crime. It’s happening to everyone, from every industry. Like Mathew Gilliat-Smith, CEO, Fortium has said, “There are plenty of examples. Some high profile, some small and quiet.”
Even we have experienced emails requesting bank information that had supposedly come from our CEO. Luckily, we share offices and knew that this wasn’t true. But wouldn’t that have been awful? A data security company leaking banking information and probably being robbed blind? As ironic as that situation could have been, it probably wouldn’t have been broadcast. So, how many other stories do you think go untold?
Pull your pants up Charlie!
So, why are media companies so vulnerable? Something all of us can agree on is that media companies have the terrible habit of storing all of their data in one place. Not only that, but we all know how much consumers value content. “It’s the trophy and high profile aspects of what media companies do,” says Gilliat-Smith. The fact is that media companies are holding the crown jewels in their storage, and that is easily recognisable to criminals.
Harper has argued that “the fact is that content is the most important asset in the media industry”. The anticipation of a series finale, or the strong wish not to expose spoilers makes the leverage potential for stolen content extremely high, and therefore extremely valuable. Harper commented that “valuable data should always be backed-up in at least one, preferably two places.” So why aren’t they?
Media companies are also vulnerable because of the methods of their workflow. Gilliat-Smith commented that “[media companies] are typically working with multiple third parties, and the more people involved, the larger the vulnerability.” This opens the companies up to both internal and external weakness in security. Furthermore, Patrik Malmberg, marketing manager, Vidispine has pointed out that “the infrastructure aspect with a lot of legacy software and hardware built on top of each other to solve integration problems, simply makes security issues harder to find and address.”
Implementing a proper security platform can easily combat this, as can encryption of content so that even if it is accessed, it can’t be used as leverage. Fortium highly advocates the method of encryption at rest that stays with the file throughout the pre-release. Many companies have encryption standards for content when it is in transit, but fail to protect the files when they are at rest. This can be difficult and cause programming issues. However, companies like Fortium have developed solutions to make this easier for users.
Darkness at the end of the tunnel?
What does the future look like for media companies? Will they continue to fall victim to these attacks? Yes. A very big, resounding yes. Not only is content going to never lose its value, as OTT continues to make a rapid rise, but it “is a cat and mouse game” as Gilliat-Smith pointed out. Not only are media companies reluctant to invest in the needed security measures but overall seem uninformed of the sheer vulnerability of their systems.
This current situation of large name companies falling victim to the simplest of hacks, is only going to get worse. Malmberg has commented that “We think the situation will become worse over the next year(s) as equipment gets older. The shift to cloud can, if done badly, also make the situation worse before it gets better. However, moving things to cloud will hopefully be a part of modernising infrastructure and workflows, which in itself will help with security.” As we have seen time and time again, companies are failing to recognise the issue here.
Something to take away
The main message that we are trying to get across here is that with the evolution of technology over the last few years, media companies have become outdated and underprepared for cyber attacks, as we have seen. This, as well as the emergence of cloud storage and the considerations of a third party workflow has resulted in content being unsecure. We, as a collective, think that this isn’t something that can ever be completely overcome. We are all well aware that there is only so much preparation that can be undertaken to ensure data security, but the subject has been painfully overlooked and disregarded by the industry in the past.
Like Malmberg has said “Security is not only about technology, but also about processes and people.” Yes, the framework of security for your company will be based on technological solutions, but it is also important to make sure that your workflow is efficient and reliable. It is because of attempts to keep costs low and cut corners in security that companies are so vulnerable. Now we are witnessing the age old term of ‘you reap what you sow’. So, come on media companies, it is time to listen.
By Nick Pearce-Tomenius, sales and marketing director, Object Matrix
With contribution from Fortium, Sony and Vidispine