CDSA

Pandemic Has Complicated M&E Security Needs: DigitalFilm Tree

The huge global shift to remote work as a result of the COVID-19 pandemic have complicated the security needs of media and entertainment companies, and made it crucial for them to make certain that content and other media is guarded at all employees’ homes, according to DigitalFilm Tree executives.

“Boy, has life changed,” DigitalFilm Tree CEO and founder Ramy Katrib said July 23 during the webinar “Secure Post in the Age of COVID – Guarding Your Media From Hackers.”

“I just find myself washing my hands all the time” and also “wrangling every manner of web communication product in the universe,” he noted.

One thing that Katrib said he realized was an important issue during the early days of the pandemic, in mid-March, was security at home, he recalled. And there has “been such a profound change” seen since then, he said.

After all, the M&E industry is facing a new era that was disrupted and transformed almost instantly in March. Everybody is working from home now if they work for an M&E organization, regardless of what position they have, and phishing scams have been targeted at everybody because, with shows moving into the home and relying on consumer Wi-Fi, hackers took note.

COVID-19 prompted M&E organizations into a season of “forced innovation,” according to DigitalFilm Tree. Remote solutions for creative professionals had long been considered a luxury for those with the power to work from home, but when the pandemic hit, that luxury became a ubiquitous necessity.

In the news, we can see that hackers are even going after the very institutions trying to solve the COVID problem with vaccines, Katrib pointed out.

Fortunately, the M&E sector is a “resilient” community, he told viewers, noting: “Everyone has been not only coping, but adapting and solving problems as a community.”

The Diversity Within Your Organization

“There’s a really key part of diversity that I think people forget about,” DigitalFilm Tree COO Nancy Jundi told viewers. “We talk about race, religion, socioeconomic backgrounds – things like that. But inside of an office, the biggest disparity in diversity is actually understanding how wide a chasm there is between what accounting does versus what a colorist does versus what the facilities manager does, etcetera,” she noted.

One issue is “you don’t always know as a creative how your choice to purchase” a particular piece of software “might impact other people in the facility” you work at, she pointed out.

“The more that we were able to educate people in-house on how their decisions impacted other people, it actually created a more authentic communication,” she told viewers. “Why that’s important is because every single one of those people, down to the janitor, if they have a DigitalFilm Tree email, you’re a target in this building,” she pointed out. Even part-time staff are vulnerable. If a hacker can tell who the editor of a certain TV program is, for example, that hacker may go after that person’s Wi-Fi, Jundi warned.

A “social engineer” may clone or mimic the CEO’s email and email a person at the company, pretending to be the CEO, claim there is an emergency and ask that employee to spend $3,500 at the Apple store for an iTunes gift card, she noted. “You’re put in a compromised situation because you want to make your CEO happy, but you’re about to spend $3,500” and may not want to question the CEO, she pointed out.

DigitalFilm Tree has learned to look for issues like those, she told viewers. After all, we are all human and can’t be perfect all the time. Many people are bound to fall for phishing scams like that. And that is why intrusion detection is so critical.

Over the past several years, DigitalFilm Tree has invested heavily in security, Katrib pointed out. However, “just to be candid, it’s super hard for a small boutique post house to invest earnestly in security,” he noted.

DigitalFilm Tree has been around 21 years and was always a tech and creative  R&D company, he noted. But security became a creative design process for it that it treats like other things at the company, he said.

Having creative people hang out with IT people is an important part of what is a “profound process” in which “all the stakeholders” at an M&E organization “have to come together – they have to speak together” and “translate all [of] each other’s vocabulary,” he said.

When COVID-19 happened, DigitalFilm Tree “immediately… pivoted to  the home” to focus on security, he went on to say, noting it developed a Network Intrusion System for professionals doing their jobs from home.

Prior to COVID-19, complex media security solutions were generally focused on the facility side alone, and DigitalFilm Tree—having spent the last several years deploying cloud-based, network infrastructure for remote workflows (including dailies, editorial, color, VFX and online)—found itself uniquely poised to quickly help others catch up to the urgent challenges of remote security.

“When COVID happened, the first like house on fire situation was editorial,” Katrib told viewers. “All of a sudden, studios were being shut down. We were working on several projects where they just found out [in] 24 hours you’ve got to go home.”

And, while “some people are decked out at home, some people still have DSL at home: I mean you’re talking about massive variables across the board on people who work on the same show,” he said.

And “a lot of people have no idea that they have crappy Internet” at home, Jundi pointed out. They stream movies fine on Hulu and Netflix and their kids play video games fine all day long without issues, so they figure their Internet service is just fine, she noted.

“But have you actually ever tried to upload a large file? That’s when you find out how good your Internet really is,” she said, suggesting that everybody check the speed of their Internet connection if they haven’t done so to find out how fast their speed actually is. Some upgrades, after all, are “ridiculously affordable,” she noted.

An Educational Process

“Network intrusion at home is something that is literally like an educational process that we’re going through with our friends, our colleagues. It was not a hot button topic pre-COVID,” Katrib conceded.

“But now it’s really something we all need to discuss because here’s the good news: There is a plethora of awesome solutions,” he pointed out, noting those solutions include software-defined Virtual Private Networks (VPNs) and hardware solutions. “There is such a remarkable amount of innovation in this area and we’re fortunate because now people who are studying it, designing the best security for any given project really have a lot to choose from. In our case, we look at everything out there. We study it. We research it and where there is a gap – something that’s just not filled – then we decide to fill it. And often times, it’s based on the feedback from our clients – and that is what’s so intense right now because any given client has a different use case. If you’re editorial, that’s one use case. If you’re visual effects, that’s another use case.”

Latency and how much high fidelity viewing you have at home are among the issues to consider, he noted, adding: “It’s kind of a pileup of use cases right now, but the one common denominator is they’re all playing out at home.”

Even rival organizations in the industry should collaborate when possible to help solve problems that could benefit the entire sector, he strongly suggested.

“The one chorus I’ve heard over the last two weeks is working from home has challenges,” he said, adding: “People are describing the experience as like it never ends. It’s like I can’t get everything done. It’s like they know I’m here so I can’t escape. I can’t hide.”

Some Security Suggestions

When it comes to selecting passwords, Jundi had a few suggestions: Don’t use your birthdays or the names of your kids or your mother’s maiden name. And “definitely don’t use your dog’s name,” she said, noting how easy it is for hackers to figure out such passwords.

And beware of all those social media quizzes many of us see all the time and even take also because “someone is watching” — and it could be a 14-year-old kid who wants to steal your airline miles and sell it on the dark web for $100 per 10,000 miles, she warned.

Jundi had one more suggestion: “If you’re struggling with a kid who is sitting online playing multiverse games and connecting with other people online so that they can play [a] game together, that is the backbone of everyone protecting us on the web,” so “let them have a moment; they’re building something in their brain that will build something far bigger later on.”