Cyber Security: The Buck Stops in the Boardroom

The growing threats of piracy and ransomware require a company-wide security strategy emanating from the top.
Author:
Publish date:

By Mathew Gilliat-Smith, CEO, Fortium

LONDON-Ever since the internet emerged as a public information gateway, thieves and pranksters have been working to exploit it for criminal gain. Today, cyber-crime is a billion-dollar industry. The perpetrators are no longer lone wolf hackers; they are multi-national cartels who reap mega-profits. They target companies large and small across all industries, inflicting devastating damage to their reputations and bottom lines.

Just last week, Uber disclosed that it paid hackers $100,000 to conceal a data breach affecting 57 million accounts, the latest in a string of scandals and legal problems for the world's most highly valued start-up. The ride-hailing firm said it fired its chief security officer and deputy for their roles in the breach and the cover up.

Given the existential nature of the threat, it's surprising to find that, according to a study by NCC Group, only 13 percent of CEOs are directly responsible for managing their company's cyber risk. Many executives assume such things are the responsibility of IT staff. When hearing of a newswire report of a high-profile cyber-crime incident, they imagine "it can't happen here." Unfortunately, when it comes to cyber-crime, it can happen to any company and, sooner or later, almost certainly will.

To avoid becoming yet another victim, companies need to adopt strategies and procedures that reduce risk. And it must be a top-down approach. Lower-level staff often lack the decision making and budgetary authority to set company-wide policy believing, "That's the board's job."

Board members have a real incentive for taking the lead in cyber security: they may be held personally accountable for a breach. Increasingly, governments and stockholders are demanding greater accountability for security issues, considering it an integral part of the directors' code of conduct.

Uber's woes followed the Equifax breach that compromised the security of 140 million Americans and was similarly kept quiet for months. There is a view that the three Equifax officers could face charges for selling stock, whether knowingly or not, before the breach was disclosed.

The WannaCry ransomware attack that appeared last May infected more than 230,000 computers worldwide. The subsequent Petya and Bad Rabbit ransomware attacks produced similar consequences. Information security firm Sophos claims "Thought WannaCry was bad? You ain't seen nothing yet" and forecasts that the perpetrators' success will embolden others and ransomware will get much worse in 2018. Criminals who write ransomware and other malicious software are now operating what amounts to profitable franchise businesses, selling their source code to others with criminal intent. They have no lack of buyers because cyber-crime pays. Some 40% of businesses admit to paying 'affordable' ransoms to avoid costly downtime and negative publicity.

Executives can avoid finding themselves in a similar position by assuming greater responsibility for security policy. In the entertainment industry, studios could limit the risk of piracy and ransomware by mandating stronger and more practical security protocols. They could, for example, make funding for each film or TV production contingent on having a line item of security expenditure for measures that will be enforced. Producers and directors, who often have autonomy in running their projects, would be required to make itemised security a part of the package.

To fully protect a computer, it would need to be disconnected, switched off, placed in metal box and locked in a room. That would make it safe, but also useless. Today's media and entertainment industry is built on collaborative workflows across many external organizations and people, consequently with many inherent points of vulnerability. Services such as localization, sound and picture editing (often through freelancers), promotional marketing and distribution, are regularly undertaken by third parties, any one of whose workflows could potentially make a breach more likely.

While trust in the selection of the workflow partner is implicit, accidents happen and, as we seem to read every day, all companies are vulnerable to a breach. Think of a valet who parks your car. You trust the valet service but without a reliable lock and alarm system on your vehicle, you are increasing the risk of theft or damage while it's in their care.

There are a range of practical measures that help reduce the risk of cybercrime within an organization. Among the most important is the education, training and awareness of employees, including executives and the board.

Encryption "at-rest" and "in-motion" have long been mandated by MPAA guidelines, but surprisingly they are not always employed. Encryption-at-rest, such as Fortium's MediaSeal software, keeps data encrypted while it's being worked on or stored. If protected files are accidentally distributed or hacked the content cannot be leaked.

Piracy, ransomware and other forms of cyber-crime are serious and growing problems and can potentially threaten a company's continued viability. IBM CEO Ginni Rometty has called cyber-crime "the greatest threat to every company in the world." CEOs and board members therefore need to be cognizant of the threat, treat it seriously and understand that a rigorous, top-down security strategy can help reduce risk.

About Fortium

Fortium is a leading provider of digital content security for media and entertainment supplying innovative technologies that give businesses greater control over their pre-release content. Its MediaSeal file encryption at-rest solution protects all file types in b2b workflows, especially in sound and picture editing, international localization, digital cinema distribution and promotional marketing. Fortium’s products also help protect the Academy and BAFTA award screeners with Patronus and Blu-Lock anti-rip.

www.fortiumtech.com

Related

BlackBox-Radian

Black Box Radian Flex Software-Based Video Wall Platform Earns ISE Best of Show Award

Black Box, an industry-leading provider of pro AV connectivity and signal distribution systems, today announced that the company's Radian Flex software-based video wall platform won an ISE Best of Show Award from AV Technology Europe, a Future Publishing magazine. Of the more than 1,000 exhibitors at ISE 2019, only 15 — including Black Box with Radian Flex — earned this award, which recognizes achievements and innovations in product and service development.

Luxul_XMS-1208P

Luxul to Bring Reliability and High Performance to IBS 2019 With Latest Networking Solutions for the Smart Home

Luxul, the leading innovator of IP networking solutions for AV integrators, today announced its technology line-up for the NAHB International Builders' Show (IBS), taking place February 19-21 in Las Vegas. In the Legrand booth SU614, the company will exhibit a wide range of solutions for home builders that deliver reliable, high-performance networks in smart homes, including Gigabit switches; the next generation of wireless controller technology; indoor and outdoor wireless access points (APs); wired and wireless routers; intelligent network power distribution units (PDU); and the Wi-Fi Assurance Program exclusively for builders.

HoverCam_Pilot3

HoverCam's Pilot Series and ClassFusion Learning Platform Land Big Wins at TCEA 2019

HoverCam, a leader in innovative, interactive, and engaging education solutions, announced that the company's digital classroom solutions received three major honors from Tech & Learning at the recent Texas Computer Education Association (TCEA) 2019 Conference in San Antonio. At the show, HoverCam's Pilot 3 digital teaching station received the Award of Excellence in the District category, while the company's new Pilot X podium and ClassFusion software platform both earned Best of Show honors. The awards were presented on Feb. 6 at a special ceremony held at Casa Rio restaurant in San Antonio.

Veritone_CollegeFootballPlayoff

College Football Playoff Uses Veritone's AI and Digital Asset Management Solutions to Enable Richer Media Coverage

Veritone Inc. (Nasdaq: VERI), the creator of the world's first operating system for artificial intelligence, aiWARE™, today announced that the College Football Playoff (CFP) leveraged an expanded deployment of Veritone solutions and services for the 2019 CFP National Championship to give members of the media even faster and richer access to its content resources. In addition to the CFP's Digital Media Hub, a white-label digital asset management portal from Veritone, the CFP also utilized Veritone's Live Event Services and aiWARE artificial intelligence platform for the first time. With aiWARE, the CFP was able to apply artificial intelligence to video footage and still images of press conferences, interviews and other Media Day events to produce transcriptions, automated facial recognition of players and coaches, logo identification, and other tasks enabling expedited and enhanced coverage of the 2019 College Football Playoff National Championship. For the first time, the CFP was able to make Media Day press conference clips and images available for search and immediate download within minutes of delivery. Following the success of this deployment, CFP has renewed its agreement with Veritone through the 2020 championship game in New Orleans.