The entertainment industry is a profit powerhouse, with revenues now over $2 trillion worldwide. Unfortunately, the industry’s high-profile content, reliance on digital systems, and growing supply chain of partners make the entertainment sector an attractive target for cyber attacks. Whether intended to steal consumer information, hold content to ransom, or distribute propaganda, data breaches are taking their toll on the industry. In 2020, almost half of firms in the sector reported at least one incident, and took an average of 224 days to identify a data breach, two weeks longer than the global average.
Valuable content leaks
Content is an entertainment or media company’s most valuable asset, meaning the industry is a goldmine of data and intellectual property that can be monetized. Whether targeted by hackers chasing monetary gain or nation-state actors causing deliberate disruption, extortionists can hold materials for ransom, or steal data and threaten to leak it in the case of non-payment. In early 2021, the German Funke Media Group fell victim to an attack like this, with a ransomware attack holding data hostage on more than 6,000 enterprise computers.
The cyber attack on Funke Media Group is not an isolated incident. In 2017, a hacking group leaked 10 unreleased episodes of Netflix’s Orange Is the New Black – despite receiving a $50,000 Bitcoin ransom payment – mirroring a very similar attack on HBO that same year. More recently, A-list celebrities including Lady Gaga, Robert DeNiro, and Madonna were affected when their media and entertainment law firm was hit by ransomware which released up to 756 GB of stolen data. This included confidential contracts, emails, phone numbers, and other sensitive data.
Along with the high-value data they hold, the sheer size of entertainment conglomerates’ budgets makes them attractive targets for cyber criminals, who are empowered to demand larger ransoms. The entertainment industry generates more than $100 billion in annual revenues, so a lot of profit is at stake. While large organizations seem to be the obvious targets, small post-production companies, visual effects houses, and creative agencies also face the threat of serious cyber attacks. And unlike the bigger studios, they rarely have full-time IT or security staff, with little, if any, budget allocated to cyber awareness and training.
Third-party threats
Media production models often involve various third-party contractors, including camera operating, editing, writing, stunts, graphic design, and distribution teams. This decentralized supply chain introduces further security challenges; in the instance that a vendor suffers a breach, the organization’s data could be compromised. An investigation found that the aforementioned breach and data leak involving Netflix’s Orange Is the New Black occurred due to the compromising of a contractor working on the show. To protect their systems, entertainment organizations, no matter their size, need a centralized security strategy among their network of partners.
An evolving industry
The entertainment industry is constantly shifting, with the COVID-19 pandemic causing a surge in the usage of streaming services, online gaming, and virtual reality. The increased consumption of digital content, often through network-based and IoT devices like Smart TVs and virtual home assistants, further increases the risk of hacking and its potential damage, with customers inputting more personal information and payment details into their entertainment systems than ever before.
These devices rely heavily on cloud-based systems and mobile networks, so interruptions in service caused by a cyber attack can degrade a company’s brand reputation and cause huge losses in revenue. An Amazon Web Services outage in November 2021 is estimated to have cost the company $100 million in revenue, and with 87% of consumers now willing to take their business elsewhere if a data breach occurs, revenue lost from defecting customers is also significant. In this landscape, regulations like the GDPR, CCPA, and PCI SSF are especially important. Organizations must demonstrate compliance with these standards without redeploying staff from security initiatives.
Leveraging cyber threat intelligence
The key to keeping customers and reputations safe in the entertainment industry is to leverage intelligence gleaned from cyber threats to detect and prevent future breaches, ensuring that all partners and suppliers are integrated into their cybersecurity strategy.
Centripetal CleanINTERNET is an innovative, next-generation threat intelligence solution providing enterprise-class security to entertainment organizations of all sizes. CleanINTERNET works at massive scale to help overstretched and outmanned security teams shield against 99% of globally identified cyber threats. Our team of expert analysts aggregate, correlate, and manage over 3,000 cyber threat feeds, using AI to identify developing threats and reporting back to you directly, alleviating the security burden from your team and reducing security alerts by up to 70%. CleanINTERNET is scalable and easily deployable, addressing industry and regulatory compliance requirements in the process. Centripetal’s Zero Trust inspection of threat traffic separates real threats from legitimate business traffic, so you no longer need to choose between full cyber protection and business performance.
