The Modern Cyber Risks Lurking In Media Operations
Until recently, the media’s role in the cybersecurity narrative has largely been that of an observer. Journalists report the breaches, cover the fallout, and chase the state-sponsored fingerprints.
But the line between observer and target is beginning to blur. Just recently, the Venice Film Festival confirmed that it had fallen victim to a cyberattack.
A third-party ticketing platform used to manage event access was compromised, exposing personal data of those registered to attend. The real kicker? Many of those affected were members of the press.
Even the red carpet isn’t immune to the threat of cybercriminals. This wasn’t some grand cracking of newsroom servers or the tapping of a journalist’s phone. It was the simple breach of an events logistics system. But the implication is the same: attackers are getting closer to the media core by compromising the operational edges.
It’s subtle, but this is part of a pattern. Cyber gangs are no longer looking solely at newsrooms, databases, or the live broadcast infrastructure itself; they're expanding into the connective elements that support media operations.
From cloud-based production tools and booking systems to comms apps and travel logistics platforms, the media ecosystem – like every other industry in the world – spans dozens of interlinked platforms, many managed by third parties. Each one represents an attack surface with an opportunity to harvest credentials, map relationships, or introduce friction during time-sensitive coverage. While the goal is often disruption, sometimes it’s access, and sometimes it’s leverage. But it’s always bad news.
Rolling Out The Red Carpet
In the case of the film festival, the average attendee or onlooker has no idea what goes on behind the scenes of a live event. These events are sprawling digital operations. A single festival, broadcast, or live report might involve credentialing platforms, ticketing vendors, remote production teams, freelance crews, satellite feeds, file-sharing tools, mobile comms apps, and multiple layers of cloud infrastructure. While the surface-level experience may feel seamless and deceptively simple, the underlying architecture is anything but.
Each system, service, and integration point introduces potential vulnerabilities, especially when pulled together under tight timelines and shifting personnel.
As we look ahead, the 2026 FIFA World Cup is expected to draw roughly five million fans in person and around six billion viewers worldwide. But rather than expecting overt cyberattacks, it’s thought that ticketing and betting platforms are going to be a hotbed of cybercriminal activity. Betting odds can be manipulated, money can be stolen through fake transactions, and users can be tricked by sophisticated phishing scams into giving up access to their accounts. All of this is part of the same “event”, and the stakes rarely get as high. Employee devices, security cameras, cloud systems, edge computing, and tangential platforms like betting sites are all ways for attackers to get in and undermine trust in the event.
What’s changing is how attackers interpret this complexity. Infiltrating the core infrastructure of a broadcaster may still be difficult, but targeting third-party services around the edges is often easier, and just as valuable.
Compromising a vendor that handles journalist credentials, for example, doesn’t just yield names and email addresses. It opens the door to future targeting, impersonation, and credential harvesting. In environments where speed trumps scrutiny and trust is assumed by necessity, attackers don’t need to breach the newsroom to access the people inside it. They only need to find a loose thread and give it a gentle tug.
Why Traditional Security Models Fall Short
Most security frameworks in media organisations were built around the newsroom perimeter. Think firewalled networks, access-controlled CMS platforms, and endpoint protection for editorial staff. A lot of organisations used to think this way too, but the way media is now produced and distributed no longer fits that model. Events, coverage, and commentary are often coordinated across a mesh of freelancers, remote teams, external vendors, and cloud-hosted tools. Access is time-limited, geographically dispersed, and often shared between individuals who may never interact in person. In this environment, perimeter security is basically SINO – Security in Name Only. It doesn’t work.
The challenge here is fluidity. Many platforms used to support media events are temporary by design: spun up quickly for a premiere, a live debate, or a press junket, then decommissioned or handed off without structured offboarding. Credentials are reused, access lists go stale, and security policies struggle to keep pace with production schedules.
This creates gaps not because anyone is negligent, but because the operational model assumes trust where scrutiny is simply unfeasible. And attackers understand this better than anyone. In media, the pressure to deliver content often outweighs the time needed to secure how it gets made.
Moving Toward Resilience
Newsrooms can’t be locked down. That’s not the answer. They need to be able to breathe and move and build complex, often temporary, supply chains to build coverage and follow the story. But that doesn’t mean security should be an afterthought. There are secure foundations that can be built to enable this kind of agility without compromising on security. One is implementing zero-trust principles across the broader media ecosystem. Every vendor, freelancer, and third-party platform should be treated as a potential entry point, requiring authentication, restricted access, and continuous validation, even for short-term projects. Shared folders, credential handoffs, and remote production tools should be secured with the same rigour applied to internal systems.
Resilience also depends on preparation. Media organisations should conduct “tabletop” exercises that simulate attacks on media-specific infrastructure: what happens if a live graphics engine goes dark mid-broadcast, or if a credentialing system is hijacked days before a major event?
Building redundancies into live workflows, hardening endpoints for field reporters, and creating joint response plans between editorial, technical, and event teams can mean the difference between a minor disruption and a total blackout.
In fast-moving, high-visibility environments, security needs to be as dynamic as the content itself.
Tim Grieveson is CSO of ThingsRecon
Image: Andrej Lišakov