LAS VEGAS — Broadcasters and other content creators face many cybersecurity challenges today, but there are various steps they can take to overcome those hurdles, executives at DXC Technology and 5th Kind told attendees at the Content Delivery and Security Association (CDSA) Cybersecurity and Content Protection Pavilion April 24, during the NAB Show.
Broadcasters are facing increasingly complex security threats largely as a result of digital workflows and the expanding use of cloud-based storage, mobile devices and social media that have collectively changed the way these companies are conducting their businesses, according to Steve Wong, director of business development at DXC Technology.
The “primary challenges” that we face today come from “hacktivists” and nations, Wong said, during a session called “Hacking Hollywood: How Safe Is Your Date.”
He said: “The motivation of attacks have changed. No longer do you have 13-year-old kids in their mom’s basement thinking hacking is kind of fun.” Instead, they’re hackers who often carefully research the targets of their attacks, infiltrate companies’ computer systems, and “they discover once they’re in the system, they capture what they want” and “then they get the heck out of there,” he said.
What adds a major layer of complexity for IT departments today is the fact that many employees don’t just log into their companies’ computer systems at work, but instead use a wide range of devices, including mobile ones, that are often their own to do their work, he noted. “Fifty percent of all employees bring their own device to work” now, he said.
Citing some frightening cybersecurity data points, he said it’s going to cost your business $40,000 an hour “if you’ve been hacked,” 35% of traditional television companies have been targeted in attacks, $21,155 is the average daily cost of resolving a breach, 146 days is the median time it takes to detect a breach, it takes 46 days on average to respond to a breach, and $7.7 million is the average total cost of a breach. The average cost of a breach for DXC’s clients has been just under $8 million, he said.
Fifty-three percent of breaches are reported by third parties outside of companies rather than their internal security specialists, he also pointed out, noting: “That’s kind of frightening.”
Eighty-four percent of breaches occur at the application layer and, since 2010, the time to resolve an attack has grown 71%, he also said.
Wong provided a few examples of broadcast companies that had been significantly hacked, pointing to TV5 Monde in France, Channel 2 in Israel and the BBC in the U.K.
Major cyber threats to broadcasters specifically include bonded cell/Wi-Fi camera backs, smartphones on sets, USB sticks and personal information on remote productions, he said. He also singled out one massive ransomware threat, called Fusob, which masquerades as a video player. When Fusob is installed on a device, the program proceeds to lock out the device and demand ransom, he noted, adding that from April 2015-March 2016, about 56% of accounted mobile ransomware attacks were Fusob.
To protect themselves, he suggested that everybody: use long passwords and select questions for verification that would be difficult for anybody else to answer, use two factor authentication, operate computers using standard user privileges rather than administrator privileges, use a trusted virtual private network service, minimize connections to untrusted Wi-Fi access points, update devices often, use anti-virus and firewall software, back up data and logs frequently, use encryption, avoid opening suspicious emails, establish security procedures and user agreements at all companies, and train employees about security and responsibilities.
In a separate session April 24, called “Achieving the Full Potential of Secure, Digital Collaboration,” 5th Kind CEO Steve Cronan explored the layers of the digital spectrum and explained how companies can secure their content creation pipelines and scale to meet current and future needs.
Critical to the process is the ability to engage technical, business and creative roles while supporting event driven workflows to, ultimately, remove any technical questions about security from the creative process, according to the company.
5th Kind’s solution to these challenges combines a high level of security, streamlining and scale, and cost reduction, Cronan noted.
Among other things, its solution mitigates loss with files distributed and reviewed inside a company’s system and provides powerful access controls to ensure that nobody has access to a file they shouldn’t have access to, according to Cronan. His company’s major clients include Legendary Pictures, Marvel, Nissan, Toyota, Walt Disney Pictures and Warner Brothers, he said.
The CDSA Cyber Security and Content Protection Pavilion program (C3830CS at the Las Vegas Convention Center) represented the NAB Show’s first dedicated cybersecurity forum.
Look for more coverage of the CDSA’s NAB Cyber Security and Content Protection Pavilion program at MESAlliance.org.
Here’s a preview of what to expect during Wednesday’s program:
10:30–11 a.m. “Enhanced End-to-End Content Security with Forensic Watermarking” Rajan Samtani, senior advisor for the Digital Watermarking Alliance, will look at the various forensic watermarking solutions available to help companies monitor and detect the sources of piracy today.
11:05–11:25 a.m. “Evolving the Digital Supply Chain from Monolithic to Micro Services” The shift to digital resulted in hastily installed (and unwieldy) applications being string together to help companies manage their supply chains. Steven Sabonjohn, senior manager of OnPrem Solution Partners, will share how independent, autonomous, modular, self-contained applications (i.e. micro services) can be utilized to revolutionize today’s digital supply chain.
11:30–11:50 a.m. “Cognitive Cyber Defense: Machine Learning & Applied AI to Uncover Unknown Threats” Murali Rao, global head of cybersecurity and risk consulting for Wipro, offers up his thoughts on how a cohesive, cognitive cyber defense framework allows enterprises to maximize investments in cyber threat mitigation, and can lead to sustainable cyber defense.
11:55 a.m.–12:15 p.m. “Securing Critical Content in the AWS Cloud” Usman Shakeel, principal technologist-of media and entertainment for Amazon Web Services, will answer the most frequently asked questions and concerns around securely storing, processing, distributing, and archiving digital media assets in the AWS cloud environment.
1:30–1:50 p.m. “Identify, Govern and Protect Data (Including Personal Customer Data)” Gavin Day, VP of data management for SAS, will share ideas for overcoming organizational challenges to data security and data management, and how companies can build a solid data governance foundation. Getting started toward securing an organization’s data, including personal customer data and building a process to comply with PII and GDPR regulations, will also be on the agenda.
1:55–2:25 p.m. “Global Digital Production: It’s All About Cyber and Even More” Lulu Zezza, production executive and founder of 3 Zebra Solutions, shares how media and entertainment companies need to evolve beyond email when it comes to handling communication for production and post production.
2:30–3 p.m. “Security as a Business Enabler: Encourage Speed and Innovation While Maintaining Security in the Cloud” Christine Thomas, senior director of worldwide technical operations and strategic initiatives for Dolby, Ted Middleton, chief product officer for Verizon Digital Media Services, and Matthew Trentler, senior manager of information security for Dolby, will tackle the aspects of security as a business-enabler.
3:05-3:25 p.m. “The Importance of Audits within the M&E Industry” With CDSA set to release its annual revision of the Content Protection Security (CPS) Standard, moves are in place among its board of directors to establish a set of “common controls,” with the goal that vendor suppliers will face a more consistent and streamlined audit assessment process that will be cost effective and cut the time involved. Chris Johnson, global director of anti-piracy and compliance programs for CDSA, will discuss.
3:30–3:55 p.m. “EIDR Content Identifiers Use in Security Solutions” Don Dulchinos, executive director of the Entertainment ID Registry (EIDR), Sefy Ariely, EVP of Americas for Viaccess-Orca, and Mike Witte, EVP of business development and sales for Vobile, will look at the use of EIDR IDs as a component of security and anti-piracy solutions.