Cybersecurity Watch: Top Five Takeaways from Netflix Hack
Several published reports were issued over the weekend of a ransomware attack involving Netflix that resulted in the unauthorized release of several episodes of one of the media company’s most popular shows, Orange Is the New Black. The event was likely a hot topic among all segments of the media industry ecosystem, bringing fresh urgency to issues — cybersecurity and the protection of content — that are already top of mind among many media professionals.
The most recent attack on a media company’s most-valuable assets is rightly setting off alarm bells throughout the industry. But similar to all business challenges and threats, cybersecurity vulnerabilities are best addressed through careful planning and properly executed responses, which begin with cool-headed analysis. Though details are still being released about the recent attack, it’s not too soon to draw some important takeaways about what the incident says about the current state of cybersecurity in the media industry.
#1 - Corporate accounts continue to be the most vulnerable
Industry surveys, including those conducted by Imagine Communications over the past few years, cite security as one of the biggest concerns among media companies contemplating shifting some or all of their operations to a virtualized environment, especially the cloud. The presumption is that the public cloud is acutely vulnerable to malicious attacks. The reality, though, is just the opposite.
Nearly all recently reported attacks on media companies have been perpetrated on corporate networks. High-profile media company data breaches in South Korea, the US and France since 2013, for example, have all involved information stored on private networks. The Netflix incident appears to be of a similar nature. According to accounts of the attack by The New York Times and other news outlets, the episodes were stolen from a post-production house that works with Netflix, the streaming media giant that collaborates with public network suppliers to store and stream its massive content library to more than 100 million subscribers around the world.&
Securing digital assets, staying at least one-step ahead of some of the most determined and sophisticated hackers in the world, can be an extremely expensive undertaking for a corporation that is focused on the production or distribution of video content. Public cloud companies, who are in the business of protecting their customers’ digital assets and whose reputations depend on ironclad security, are motivated to make their networks as impenetrable as possible. Microsoft alone spends roughly $1 billion annually on cybersecurity, according to an online story published by Reuters in January, which quotes the cloud provider’s vice president of security, Bharat Shah.
#2 - Cybersecurity is only as good as your weakest link
A related takeaway from the Netflix incident, of course, is that your cybersecurity is only as good as the weakest link in your content chain. In the case of Netflix, the company believes that the hacker obtained the episodes from a post-production house that is involved in finalizing the content before it’s ready for streaming, according to published reports.
It’s become a cliché, but we live and do business in a connected world. The negative side of the power and convenience of that openness is, of course, that it provides ample opportunity for hackers to uncover points of vulnerability. Media companies need to be cognizant of the fact that your cybersecurity defense doesn’t stop at your network, but should instead envelop your data wherever it’s stored or transported. Work with technology suppliers that support features like content encryption to workflows, with optional capabilities to add watermarking and forensic attributes to media.
#3 - Ransomware Attacks are on the rise
Incidents involving ransomware have increased significantly over the past year, moving up from 22nd place to 5th as the most common form of malware in the 2017 edition of Verizon’s Data Breach Investigations Report. According to the 2017 DBIR, which can be downloaded through this link, the “number of ransomware incidents increased to 228 in this year’s report from 159 in the 2016 DBIR.”
As the name suggests, ransomware attacks work by disabling, often through encryption, vital corporate content, access to which is only restored after the attacked entity pays a fee, often in the form of bitcoins or some other digital payment system. In the Netflix case, digital copies of several episodes of the new season of the highly popular Orange Is the New Black were stolen and then made available through a file-sharing site after Netflix refused to meet the hacker’s demands, according to several published reports.
Similar to piracy, the unauthorized distribution of digital assets can be financially devastating to the victimized media company. Popular television shows can generate millions in ad revenue or be instrumental in attracting subscribers to subscription-based video-on-demand (SVOD) services, which often provide exclusive access to their programming, especially original content.
Though media companies are also vulnerable to more traditional cyberattacks, including those aimed at disrupting operations or tapping into customer data, ransomware poses a particularly acute threat to content producers and distributors given that their primary business assets are now digital.
For every cyberattack that makes headlines, there are likely three or four that go unreported
#4 - Actual Incidents likely higher than what’s reported
For every cyberattack that makes headlines, there are likely three or four that go unreported – or even undetected - according to findings from a survey conducted in the UK at the end of 2015 and summarized in a CSO Online article in March of 2016. That’s because few companies want the world to know that the data they hold is being targeted by bad actors who wish to exploit it for financial gain – or to simply cause mischief.
A February 2016 article by nScreenMedia cites another survey claiming that 28% of media organizations say they have experienced some form of a cyberattack. Given the reluctance of many company officials to disclose security breaches, even in an anonymous manner, it’s likely that the number of impacted media companies is even higher.
The bottom line is that media companies would be foolish to believe that cyberattacks only happen to other organizations and that the incidence of digital break-ins is small and restricted to a few high-profile companies. The hacker who took credit for the Netflix attack, for example, indicated that content from additional media companies was in the group’s, or individual’s, possession, according to reports.
#5 - No putting the genie back in the bottle
It would be a mistake to interpret the Netflix or other recent security breaches as indictments of the migration of media operations to IT/IP-based environments built on commercial off-the-shelf (COTS) equipment or public cloud, and to retreat from what is a beneficial, prudent, and inevitable technology evolution. It’s equally shortsighted to deny that a number of contributing factors have made media companies and their assets increasingly vulnerable to cyberattacks. Not only has more and more of the production, playout and editing of video moved to IT environments over the past few years, the Internet — the very vehicle for Over the Top (OTT) distribution — continues to gain momentum as a preferred delivery channel.
Clearly, clinging to closed networks and inflexible technology is not a viable option for media companies that need to modernize and expand the agility of their operations to meet both current and future video consumption preferences, which grow more diverse and personalized each day. Media operations have been steadily transitioning to IT-based technologies for the past decade or more. What’s changed is that everything is now connected and one of the few negative byproducts of the “digitization of everything” is that it opens up new opportunities for bad actors.
In the past few years, businesses of all stripes, from behemoth financial institutions to mom-and-pop shops, have had to learn to protect themselves against cyberattacks, as have millions of consumers. Media companies are no exception. All threats to the future success of media companies, whether they come from an inflexible technology foundation, a shifting competitive landscape, or even The Dark Overlord, should be met with decisive and vigilant action.