Internal Security Industry Spotlight: Entertainment Sector
Game of Thrones has the dubious distinction of being the most-pirated TV show of 2016 – for the fifth year in a row. In 2016, Yahoo was hacked, resulting in a large volume of user account information being leaked. A 2014 hack of Sony resulted in significant loss of data and documentation and release of pre-release movies.
A PWC survey indicates the entertainment sector security statistics are on the rise:
- 26% increase in detected security incidents
- 7% increase in information security spending
- 81% increase in total financial losses as a result of incidents in 2016
The entertainment industry is rife with security breaches and, given the high-profile nature of the business, such breaches always lead the headlines.
Sources of Threats
Insiders may be targeted through social engineering techniques such as spear-phishing (an individual with a high access level is targeted or spoofed) or may fall prey to an attack by not following safe security practices. Of course, insiders may also do damage through malicious intent.
State-sponsored adversaries may target the industry because entertainment companies are often high-profile cultural symbols. It is widely believed that the Sony hack was perpetrated by North Korea over a film with an unflattering depiction of their leader.
Hackers may be reacting to what is perceived as offensive content or acting to show off skills.
Cyber-terrorists may take action against the portrayal of a religious message.
Consequences to the Industry
What are the consequences of attacks within the entertainment industry?
- Business email compromise can result in the leak of information that is particularly sensitive given the brand equity and reach of entertainment companies.
- Social media accounts that are taken over in an attack can impact a large number of followers, damage reputation, and cause significant internal effort in clean up.
- Leaked content such as movies or music represent a huge impact to profits.
- Ransomware that holds project data hostage can delay releases and impact revenue.
- In the online gaming industry, hackers steal virtual currencies in electronic heists.
Staying Safe in the Entertainment Industry
Here are several safeguards the industry can use to counter inside and outside threats:
- Consider the extended enterprise. Entertainment companies have widespread tentacles, with multiple locations, vendors, and partners. Policies, audits, and education must cover all of these entities.
- Identify who wants your assets. “The crown jewels [for the entertainment industry],” says Eric Friedberg, co-founder and chairman of risk management firm Stroz Friedberg, “typically involve pre-release content.” Risk assessments, therefore, should focus on looking for the likely vectors against those assets and tailoring security efforts accordingly, he says.
- Use employee monitoring to identify what is happening inside the company. Bryan Ellenburg, a security consultant for the Content Delivery & Security Association, a trade association that performs security audits for major studios and their vendors, contends it’s important to not just build up firewalls around a system, but also to invest in tracking what’s happening inside a company, to know who has accessed which files from where. “Every action should be logged to be reviewed.”
- Educate employees, starting with the basics (strong, unique passwords) and extending to social media activity. Schooling employees about security should still be Hollywood’s No. 1 priority, Mark Lobel, principal at PwC says.
Most importantly, the industry must take a proactive approach to assess their practices, policies, and data. For example, a recent leak at HBO included password information, a signal of a deeper problem the companies have in managing sensitive, intangible assets.