Cybersecurity And Media Companies

Cyber Security expert and former Chief of Staff at the Department of Homeland Security Paul Rosen said at the C-Tech Cyber Security event,

“Broadcast and media companies, like so many others, are seeing two things, an increased frequency of cyber-attacks, and an enhanced sophistication and complexity to such attacks,”

Companies must take responsibility: the reality is that creative media and broadcasting companies are high targets because of their valued content. Knowing your valued assets and being prepared is key, Rosen explained.

“Hackers have the “ability to do great damage to companies, financial, reputational and operational…You can’t eliminate cyber risk in an interconnected world, but you can do a lot to mitigate it.”

Rosen said: “Cyber incidents have legal, practical and policy consequences and addressing cyber security is becoming a mainstream focus of companies.”

The increasingly higher volume of cyber breaches is driving awareness, Rosen said: “Company employees from the board of directors down recognise the need to understand the risks associated with cyber security and protect their businesses from attacks.”

Ultimately it is culture driven; you have to instill cyber ethics across the company.

“Allocating appropriate resources is critical. It can be costly to put in place adequate preventative and response resources, but the cost of ignoring today’s cyber threats can be significantly higher.

“This is why so many business executives at the highest levels are embracing cyber security.”

Mitigating Risk

Rosen oversaw the United States Department of Homeland Security’s (DHS) response to some of the most sensitive and complex challenges including significant cybersecurity events.

Rosen said: “Companies should have a risk-mitigation strategy and a response plan in place to respond when an incident occurs.”

His experience within DHS made clear, “it is inevitable that security breaches will occur, which is why businesses can’t afford to ignore them,” he continued, “If businesses in this industry are going to operate in an interconnected world, media and broadcasting companies need to address what they’re going to do to lessen the cyber threat while continuing to advance their business.

“In homeland security, it is all about promoting security by identifying and minimising risk, while at the same time facilitating business and lawful trade and travel.”

This philosophy can be applied across all sectors, including the valuable content created by the broadcast industry. “When it comes to pre-release media content, big dollars are at stake if there is a hack of that content or a security breach before it is released.”

“Media and broadcasting companies need to address what they’re going to do to lessen the cyber threat while continuing to advance their business”

Rosen said there is good news. Companies and organisations can implement a number of concrete steps to be ready for attacks. “Working with a law firm and forensic firm before an incident occurs” is a useful strategy to have in place.

“Some examples of important prevention measures include regularly patching and backing up your network, and maintaining an updated incident response plan: know the first five steps you’re going to take in the first hours of a beach, including who your outside counsel is.”

He said: “Every threat actor has a motivation, which is important to understand. A nation state actor may have a different motivation than a criminal organisation, for example.

“One may want money while another may be looking to embarrass an executive or business, or may want to conduct an influence campaign by taking over or interfering with broadcasting or media.”

To Pay or Not to Pay

The issue of ransomware and whether a company decides to pay ransom is a complicated decision.

Rosen explained the host of tactics employed by hackers. He said: “One common attack method are phishing emails, where the goal is to get a person to click on a link which leads to malware being downloaded onto a computer or network.”

“Ransomware has presented some unique and interesting issues when it comes to cyber security”

Rosen explained: “Whether to pay a ransom is a business decision, but it may have practical and legal implications that companies together with their counsel should consider. Some of the practical implications include figuring out what bitcoin is and how to get it, if that’s what the attackers want. Who makes the decision within the company about whether you are going to pay, and are you going to coordinate with law enforcement?

“If you are inclined to pay the ransom, companies may also consider whether will be making yourself a target for future attacks? Will hackers see your company and industry as a viable target for future attacks?”

He explained, “Ultimately, when a company is faced with losing $10 million a day, or paying a $10 thousand ransom, executives may see a strong business reason to pay.”

It’s an IT security issue but needs to be understood company-wide. “But there are also potential legal implications of paying a ransom, including US sanctions laws and anti-money laundering controls that companies should explore with counsel,” Rosen said.

“Cyber security hygiene is a growing and an important component to any major business, and I think it’s only going to continue to grow.

“Hackers will find new ways to infiltrate networks, and whether it’s the broadcasting and media industries or some other sector, as long as there is a desire for what you have or to manipulate what you’re doing, the threat of cyber-attacks will continue,” Rosen stated.

Rosen said the key for broadcast companies is: “Plan and prepare in order to mitigate the risk of attacks. And practicing your response to an incident will make you better and more prepared for the real thing.”

IBC.org:

You Might Aso Read: 

French Media’s Emergency Meeting After Isis Hack:

Hackers Steal Game of Thrones Script:

Disney Says Film Hack Threat Was A Hoax:

« Machine Learning is Transforming Data
UK 'biggest audience' In EU For Jihadist Web Content »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Guardea Cyberdefense

Guardea Cyberdefense

Guardea Cyberdefense is an IT services company specializing in the management of security projects, with a pool of skills selected from a network of specialized partners.

CyberOne

CyberOne

CyberOne (formerly Comtact) offer a full stack cybersecurity service to ensure our customers understand the cyber maturity of their organisation.

Mako Networks

Mako Networks

The Mako System is an award winning networking and security service designed specifically for SMEs and branch offices of larger organisations.

Post-Quantum

Post-Quantum

Post-Quantum offer a unique, patented quantum-resistant encryption algorithm that can be applied to existing products and networks.

GeoLang

GeoLang

GeoLang’s Ascema platform protects sensitive information at the content level by identifying, classifying and tracking data across the corporate infrastructure.

Woz U

Woz U

Woz U provides best-in-class technology training for Learners, Higher-Ed and Corporations. We focus on the most in-demand occupations such as Software Development, Data Science and Cyber Security.

Ogasec

Ogasec

Ogasec is a cybersecurity company formed by the merger between Aker and N-Stalker in 2017. Solutions include Security & Connectivity Networking, Application Security, and Managed Security Services.

Elliptic

Elliptic

Elliptic solve the crucial problem of identity in cryptocurrencies, with the sole purpose of combating suspicious and criminal activity.

Onsist

Onsist

Onsist brand protection services provide proactive defense against fraudulent use of your brand online.

Australian Cyber Collaboration Centre (Aus3C)

Australian Cyber Collaboration Centre (Aus3C)

The Australian Cyber Collaboration Centre (Aus3C) is committed to building cyber capacity and securing Australia's digital landscape.

RhodeCode

RhodeCode

RhodeCode is an open source repository management platform. It provides unified security and team collaboration across Git, Subversion, and Mercurial.

Laminar

Laminar

Laminar provides the only Public Cloud Data Protection solution that provides full visibility and enforcement capabilities across your entire public cloud infrastructure.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Tozny

Tozny

Tozny offers products with security and privacy in mind that are built on the foundation of end-to-end encryption, and open-source verifiable software.

Technation

Technation

Technation proudly represents the Canadian technology companies that are furthering our nation and the world into the future through innovation, creativity and ingenuity.

OpenZiti

OpenZiti

OpenZiti is the world’s most used and widely integrated open source secure networking platform. OpenZiti provides both zero trust security and overlay networking as pure open source software.