CDSA

As technology and entertainment grow more and more integrated each day, the need for reliable cybersecurity measures in the media and entertainment industry has never been higher, according to Qvest.



But security assessments, such as the Motion Picture Association’s Trusted Partner Network (TPN), protect content from script to screen, Qvest said July 12, during its LinkedIn Live webinar, “Protecting your Content from Script to Screen with TPN,” with panelists from Qvest’s Cybersecurity practice as well as TPN.


“We’ve been doing security assessment and a lot of customers have been happy with the results,” according to Aaron Mathews, head of cybersecurity New York for Qvest. “But in terms of the underlying objective, the goal really of TPN or any security assessment is sort of identify weakness in our security posture so that they can take action and improve the defenses against cyberattacks,” he said.

Meanwhile, “in terms of the impact to our clients, I’ll share a couple of real examples,” he said: “So this is about one of our major studios, where we were conducting an assessment of their network infrastructure. We discovered gaps in their CDN and, more specific, those gaps were related to the authentication protocols, which were obsolete and making [the] entire infrastructure vulnerable to cyberattacks and there was another high risk finding for that client that came from the fact that they used a third-party provider.”

What that client did, he recalled, is “first they decided to update their infrastructure with the latest encryption technology, just to make sure that their authentication methods are secure, and then they started to do a full due diligence check for all of the third-party providers.”

He added: “So that way they were able to remediate this on a high priority. Yes, this was for one client. One of the recent examples for another client [at] a game development studio [was] they wanted to protect their intellectual property.”

During “post assessment,” he said, “we discovered two real vulnerabilities. One was in their source management system where they used to store all of their IPs. And second was about the employee training. Which is usually overlooked. And, and you know, it’s poorly designed across all industry, not just media, but for this client security training, especially in their security training, they were missing the key topics on it protection.”

Therefore, he recalled: “First what they did is they quickly implemented the controls to protect their source management system, which was their actual source of depositories.

And, second, they started conducting regular training sessions to educate their employees on the importance of protecting their intellectual power.”

So those are “just few of the examples. I’m sure there are a lot out there, that you know, definitely serve [to remind] all of us of the side effects that could really compromise the security of the most important asset, which is the content,” he said.

Also speaking during the session was Melody Giambastiani, program manager at TPN. Moderating was Candice Lu, Qvest EVP.