Top Security Leaders in Media Gather to Discuss How to Avoid Breaches
May 18, 2017
Editor’s Note: This article is an edited abstract of Key Takeaways from the Major Media Security Summit published by Signal Sciences Labs’ Kooper Macleay.
Cyber hacking continues to be one of the hottest stories today--impacting governments, educational institutions and companies across many sectors around the world, including media. With more consumers using more devices and platforms to consume content, the media industry has taken on a new sense of urgency around security breaches.
The most recent WannaCry ransomware attack reiterates the need for everyone--individuals, organizations, and industries--to take the necessary precautions to protect against vulnerabilities such as phishing scams, user credential breaches, smart electronic device takeovers, and of course, ransomware.
Last month, Turner, Bugcrowd, Duo and Signal Sciences hosted an intimate event for top security leaders to candidly discuss challenges and best practices. It marked the first time that a group of more than 20 of the largest broadcast and media brands convened to discuss the major issues impacting security.
Below are key takeaways from the day’s event. Please note that this was a private event, and we adhered to The Chatham House Rule.
- Security conditions are still sub-optimal. In security, conditions are oftentimes non-optimal; teams are understaffed and budgets are tight. While it’s impossible to reach complete security, the keynote stated, “as long as we are closing the gap between the fix and perfection, we are doing well.”
- It’s still easier to attack than defend. There’s a misconception that hackers are more clever than those who build security systems, but as our keynote stated, “…it’s easier to kick down a Lego castle than to build one.”
- New technology is shaping next steps. It’s a challenging time to be in security, but exciting technology including machine learning and the expansion of real-time information sharing is shaping security’s next steps.
- Automation and prioritization. Team resources are often limited. A panelist emphasized, “Automation is the heart of the appsec program,” and added, “Risk management is huge, you must find your high value targets and protect those first.”
- Top-down management. CISOs need company-wide buy-in, which continues to be a challenge for CISOs in any industry.
- Embedding application security. All panelists thought embedding application security into the entire IT organizational structure and culture is important to creating an effective security organization.