After Sony: Evolving Security Challenges in Media
September 14, 2016
The following is a guest blog post from Pete Chronis, Turner’s Chief Information Security Officer:
Recent developments, primarily the Sony hack, and technical advancements have made information and systems security a top priority in the media industry. This new prioritization will have a significant impact on the industry’s ongoing transformation.
Let’s first take a look at the direct security threat. The Sony hack was a wake-up call for the industry – because before they were breached, no one thought media companies were serious targets for organized hackers.
To be clear, there is no shortage of threats out there. There are a growing number of entities (state run and otherwise) that might want to harm a media company because they do not approve of the types of content being produced, or the types of news, editorials or opinions they are airing or publishing. “Hacktivists” target the media on a regular basis and our own news organization faces #TakeDownCNN calls regularly on Twitter.
The reality is that threats from organized cybercrime are here to stay. During times of war or social conflict disrupting the free flow of information can be a tactic used to cause serious harm, including providing disinformation to create confusion or further tension. Other entities that may be interested in pure personal gain are now also focusing on media companies because of the potential financial benefits.
As content becomes more accessible and its popularity continues to grow, piracy also becomes a greater threat. Stealing content before it goes on air and distributing it in online forums gives many hackers the “street cred” they seek with their peers.
For now, hackers are using indirect techniques to breach media companies. One method is targeting company employees using “phisher” emails laced with malware. Once infected, an employee’s computer serves as an unwitting command center, receiving special commands from the hackers that will enable them to map out the infiltrated network, identify key assets and hack into them. In Sony’s case, aside from emails – both sensitive and non-sensitive – being disclosed hackers left behind malware designed to completely wipe out massive amounts of data that was difficult to recover.
That is why my team has deployed sophisticated security controls and runs phishing exercises with our employees regularly. This enables us to study our organizational behaviors and point out best practices to employees – to help avoid this happening to us in the future.
Hackers aren’t the only new security challenge facing the media industry. New technologies and new ways of both distributing content (streaming and direct to consumer applications), as well as the ability to provide more targeted advertising has created an entirely new set of issues.
Consumers are now accessing content on multiple devices and platforms, each having their own unique set of technological challenges. As well, media companies are now either collecting and storing new types of and more data. These new areas provide new security considerations, while providing more opportunities for hackers to act.
As an example: Nearly one billion minutes of NBC’s online Olympic’s programming (powered by Turner’s iStreamPlanet) were streamed to consumers outside the traditional television environment in the first dive days of the competition. People were accessing this content on their computers, tablets and smartphones which extended the reach of the games and provided the audience new and unique ways to consume the content. It also provided additional security challenges that needed to be considered.
Still, streaming, direct to consumer offerings and targeted advertising are driving the future business opportunities in the media industry. They are enabled by massive technology footprints that did not exist a few years ago. These new technologies are driving a transformation in the business, but, are also potentially increasing a company’s cybersecurity exposure.
Without tipping our hand too much, it is safe to say that at Turner, we are investing in the technology, people, practices and capabilities needed to thrive during this new chapter in our industry – and to do it securely. Like many media companies, we know we must understand the value and vulnerability of key systems throughout the enterprise, invest in key controls designed to reduce cybersecurity risk and be prepared to contain breaches.
We have set our sights on re-imagining TV, which means creating the ultimate consumer experience, while driving great value for our partners, creators and advertisers. Leveraging these new technologies brings new opportunities, but also new challenges. And these are the challenges we will need to meet as we continue our success and grow into the future.
Want to learn more about Turner security from Pete Chronis? Read here: https://www.turner.com/blog/qa-pete-chronis-chief-information-security-o...