Boutique cybersecurity consulting firm Taksati was founded a simple yet crucial premise: no two companies have the same security needs, and media and entertainment companies are best served by a customizable approach when it comes to both security architecture and incident response.
Capable of offering solutions for both small companies operating via cloud services with just a few workstations and worldwide enterprises that need multiple data centers in multiple countries protected, Taksati’s cybersecurity consulting approach is anything but “cookie cutter.”
Taksati’s Christopher Taylor spoke with the Media & Entertainment Services Alliance (MESA) about the specific security needs facing M&E firms, the company’s approach to incident responses, and why vendor risk assessments are more crucial than ever before.
MESA: How did Taksati Consulting first come about, what was the impetus for the company, what gap in the cybersecurity consulting market has the company sought to fill?
Taylor: Taksati Consulting has been providing incident response, security architecture, and security awareness training services for years. During a recent engagement with a major studio, it became apparent that the media and entertainment industry had unique challenges that many security vendors were not tailoring their approaches to meet. Taksati combines decades of experience with digital forensics and incident response, security program design and review, security control development and implementation, and security operations with a keen knowledge of film production workflows, needs, and requirements in order to provide solutions that specifically meet MPAA best practices and requirements of the major studios.
MESA: Taksati Consulting’s stated approach to cybersecurity is that not one size fits all, and that cybersecurity can be implemented as a business enabler, not as a blocker. What makes Taksati’s approach to cybersecurity solutions unique?
Taylor: Companies in every industry employ computers and networks to get business done. In such, M&E faces all the same issues every other company, from banks to hospitals to manufacturing plants, face when it comes to malware protections, breach remediation, and general enterprise security. But, M&E companies face several challenges that are specific to this industry. They place their entire worth in their intellectual property; a leak of pre-release content could cost a company millions and reputational damage could prematurely end a company.
Due to the short-term nature of film projects and the transient nature of the staff, M&E companies need to be more flexible and react quicker to changes than typical enterprise network security practices will allow. Taksati understands these unique needs and can tailor solutions to ensure that content is protected while business isn’t overburdened by restrictive policies and tools.
MESA: What can media and entertainment be doing better today to prevent cybersecurity incidents, and, after an incident has occurred, what can they do better to mitigate the impacts of a breach?
Taylor: M&E industry is by no means immune from the security incidents that seem to plague the headlines on a near daily basis. HBO was recently in the headlines for a major content breach. Just prior to that the same attacker that stole and released ‘Orange is the New Black’ online claimed to have 37 other titles from multiple studios ready to release. A good security posture can reduce the risks these types of breaches present and can make responding to them considerably less costly.
Taksati can assist with setting that posture by putting in place the proper tools, processes, and culture to protect your content, and can assist in responding to these incidents by leveraging our decades of incident response experience to quickly identify the leak and close it.
MESA: How does Taksati approach, in general, the training aspect of cybersecurity for M&E clients, and how might that training approach differ for upper management vs. entry-level employees?
Taylor: Taksati Consulting has decades of experience providing training at all levels, from deeply technical training to security staff on how to respond to incidents to high-level introductory courses for board members so they understand the importance cyber security plays in their business.
MESA: What services or offerings in the cybersecurity space might we see next from the company?
Taylor: Taksati offers several services specifically tuned for the M&E industry:
• Security risk assessments: Every vendor that would like to work for a major studio ends up providing that studio the results of a cyber risk assessment. We can assist that vendor this process by acting on the vendor’s behalf to make sure the studio is satisfied and that whatever controls are needed are implemented in a way that is most effective, fiscally sensible, and causes the least burden on the vendor.
• vCISO: Smaller companies that do not have a dedicated security staff are still at risk and need security guidance. We can provide that strategic guidance to help ensure the company is still protecting their assets without the burden of expensive and difficult to staff full-time positions before the company is ready to commit to those resources. Taksati Consulting can bring decades of experience to bear to get the company from zero to secure as quickly as possible, ensuring that the security roadmap for the company is going the right direction from the start.
• Incident Response: Should a company incur an incident, Taksati has the experience and knowledge to lead the company to a speedy and complete resolution. Whether the incident is a malware outbreak, active data breach, or civil or criminal dispute requiring digital forensics support, we have experience dealing with every kind of incident imaginable and can expertly guide you through the process.