Let’s be honest – we know what the problem is with data or content security in the media industry. It’s all about the content TV and Film companies produce. Cyber-attacks are on the rise and everyone is vulnerable, but the pressure is especially severe if hackers know that you are in possession of something valuable, like the latest series of an award winning show or a high budget movie.
There is a lot of publicity that surrounds cyber-attacks on big name companies and their big name content – just see the various media reports about Game of Thrones and HBO earlier this year. The treasure has never been shinier, and the risk that much higher. The cyber criminals have realised that there is value in the industry. The content is of interest and has value; therefore, they want to leverage that value.
But are media companies really more vulnerable to attacks? They are undoubtedly a prime target, but does that make them any easier to infiltrate? That’s hard to say. They do typically work with multiple third parties. Whether it be outsourcing storage, or encoding, or even the production companies hiring freelancers to operate cameras. The workload in the industry is fast moving and quick turnarounds mean that work is often outsourced. Media companies run their content through many rivers, and it only takes one crocodile in the water to make the content unsafe, much like the Orange Is The New Black leak as the media reported earlier this year.
The incidents of security and the threats to networks that we are seeing are only going to get worse. There are so many ways to be hacked because everything is theoretically vulnerable – that’s without even touching upon human error. It is a cat and mouse game, and the media industry is at risk of losing. Media companies are spending more time trying to solidify their solutions but this all comes at a cost. As we all know, everything has a budget and security tends to be the one that falls on the back burner… even though a breach can cost millions of dollars in lost revenue and millions more on the stock market. Not to mention the loss of reputation from the wider public, your own employees and prospective recruits.
So what can be done?
It’s time to be more pragmatic and more proactive. Don’t cross your fingers then hope for the best (because it won’t work) and start layering your protection, expecting the worst. “Securing your network” sounds good, but what if someone has made it inside already? Restricting your employees’ internet connection (or air gapping) sounds effective – trouble is hackers have been busting that myth for years.
What do we think is the most pragmatic way of protecting sensitive content? We recommend encryption at rest. This means video, audio or data files remain encrypted throughout the entire workflow and can only be accessed by those who fulfil a set of criteria – like a password. The benefit of this is rather obvious; someone could happen upon a pre-release film or TV show, but they can’t access it without a password. The file is essentially useless to them, provided the encryption method is up to scratch (AES 128-bit, for instance).
Encryption at-rest is advocated by MPAA (Motion Picture Association of America). A lot of companies follow encryption in transit but not at-rest; that is because it can be a difficult undertaking as traditionally post-production editing programs (like Avid’s MediaComposer and ProTools) won’t recognise encrypted files. This has been a major sticking point for a number of years and only now the industry is starting to catch up.
And that catch up has happened with MediaSeal encryption at-rest; the files just… work in those programs, as normal, and yet stay encrypted throughout to ensure that only intended access to content is allowed. To ensure the file stays protected, there are multiple methods for authentication that are leveraged: