In our previous post, we’ve looked at some of the major hacks that have hit the entertainment industry and identified the industry’s reliance on third-party vendors as a key vulnerability. Today, we’ll look at the steps the entertainment industry needs to take to protect assets from potential threats.
As always, the industry must balance security with business functionality. When you’re in the entertainment business, that means grabbing headlines with multi-million dollar budgets and trying to increase media coverage for your entertainment property. While it’s good for business, announcing to the world that Avatar 2 is set to release on December 16, 2022, puts a big focus on the digital file and all the studios and companies working with it.
The film had a budget of $250 million, took over 5 years to shoot, and is set to be released 12 years after the original. If cybercriminals took control of the file, there is no limit to how much Lightstorm Entertainment would pay to save their movie.
Considering that keeping budgets, release dates and projects out of the news would severely hamper buzz and ultimately reduce ticket sales, studios have no choice but to continue showing their hand to cybercriminals while adding multiple layers of protection to their video files.
Third-party risk management
Third-party providers are often the Achilles heel of the entertainment industry. Production studios rely on this supply chain to add special effects, align sound with action, and turn raw film into polished film. They add subtitles and translations, while others dub the film into foreign languages. Every step of the way, digital files are only as safe as the third-party company’s security policy.
To limit exposure, production studios should develop a clear, non-negotiable policy for each vendor they work with. This policy should include:
- Password security protocols for employees and contractors who have access to sensitive data
- Enterprise login email accounts for all SaaS software
- Removal of public Wi-Fi when accessing proprietary works
- Multi-factor authentication tools
- Least privilege access policies and role-based access so employees only have access to what they need
- Mandatory Endpoint Security
- Penetration testing and regular maintenance
Additionally, all employees must complete training sessions, so they can recognize phishing attacks and avoid handing over credentials.
It may seem like a tall order, but when you consider the consequences of not improving third-party securitythe benefits obviously outweigh the challenge of implementing such a program.
Cyber-First Approach to Mergers and Acquisitions
Like all businesses, Mergers and Acquisitions are a key driver of growth. last May, EY reported that media and entertainment companies are taking a buy vs build approach to drive growth. In a survey cited by EY, 51% of executives surveyed said they seek M&A opportunities outside of their home market.
While good for business, entertainment industry players should take a cybersecurity-first approach when considering M&A targets. Cyber risks are often overlooked in the vetting process because business leaders tend to focus on the assets they receive rather than the security built into those assets.
This can lead to disastrous results. Cybercriminals who already have access to the acquired company’s assets can extend their reach to the larger company. Buyers should beware and carry out a full security review of potential assets.
Solid ratings and reviews
Every business should perform cybersecurity assessments and reviews, but the stakes are much higher for entertainment companies. Piracy and leaks can undermine investments in films by distributing them for free to the public. Movies that cost tens of millions to produce and promote have no value once shared on a public cloud.
The film industry was late in the cybersecurity game, and as creatives, their appetite for additional security measures is limited. More often than not, existing legacy systems are not updated or no longer supported by their developer, creating cybersecurity vulnerabilities for your critical assets.
The key to any protection is the integration of a cybersecurity team to whom you can entrust your most valuable assets. These advisors must understand the current state of your business and recognize the unique and unfavorable position the industry finds itself in. They should guide you to further increase your level of protection, as they reduce the likelihood of data breaches and pirated videos resulting from your workshop.
For example, they may recommend a zero trust approach for users, applications and infrastructure. This comprehensive approach secures assets by eliminating implicit trust and continuously validating access rights at every stage of a digital interaction.
Security by design is another approach they can recommend. In this model, security is considered and integrated at every stage of development. Rather than building assets and then trying to find ways to protect those assets, a security-by-design strategy would embed security directly into the assets.
Keeping your assets safe is serious business. Studios want their entertainment assets to make headlines, but only when it comes to ticket sales and buzz. Not because a cybercriminal stole the movie and shared it online for everyone to see.
To discuss your cybersecurity defense needs, contact a HolistiCyber expert today
*** This is a syndicated blog from the Security Bloggers Network of HolistiCyber written by Nirit Icekson. Read the original post at: https://holisticyber.com/blog/keeping-assets-secured-in-the-entertainment-business/