CPS 2022: Hacker Predicts a Billion-Dollar Attack Will Hit Hollywood

LOS ANGELES — At the Dec. 6 Content Protection Summit (CPS), world-renowned cybersecurity expert Ralph Echemendia, best known as “The Ethical Hacker,” relayed a story about a famous rapper being hacked on a whim by a 17-year-old kid.

The teenager didn’t want money, or fame, or access to the rapper’s latest song. He just wanted an autograph.

The biggest threat media and entertainment players face today when it comes to cybersecurity threats may be “not understanding the behavior of people themselves,” Echemendia said during his keynote presentation “Evolving Threats and Where We’re Headed: Hacker’s Perspective.”

And until the industry makes cybersecurity a priority, Hollywood will continue to be vulnerable, with Echemendia predicting a ransomware attack against a $1 billion property, restricting access to assets, within the next 24 months.

“There’s a disconnect [with hackers],” he said. “They don’t feel anything when they hack someone because you don’t know the person you’re hacking. It’s a computer on the other end.”

A vast majority of hacks revolve around financial profit, he said, and too many hackers are acting with impunity, operating out of Russia and China.

Compounding the problem is still too many media and entertainment firms prioritize cybersecurity. “Nobody wants to deal with cybersecurity, and that needs to get better,” Echemendia said. “Cybersecurity was a baby, and now it’s a rambunctious teenager. But the cyber criminals are far more mature.”

Echemendia gave credit to the industry for improving its security posture over the years.

For past productions “there really was no security. It was people using their own devices.” Today, improvements he suggests include a dedicated on-set person who keeps track of all the data flowing around a production. That’s because of all the various access points, from script to screen, where data can be compromised.

“We’re in the business of trust, and your biggest vulnerabilities are due to a lack of knowledge,” Echemendia said. “Most people don’t understand the cybersecurity issue at all. They don’t want to deal with the bouncer at the door, and hackers know that and take advantage of that.”

With costs of annual breaches worldwide now in the trillions, Echemendia said being cyber-aware can be the difference between a minor issue and a catastrophe.

“You’re going to get hacked, no matter what. Then what? Do I have an hour in the system or a hundred days? That makes all the difference in how much data I can steal, and how much damage I can do,” he said.

Presented by Fortinet and produced by MESA, CDSA’s Content Protection Summit was sponsored by Convergent Risks, Richey May Technology Solutions, GeoComply, Signiant, Verimatrix, Shift Media, EIDR and EZDRM.