Cyber Security: The Buck Stops in the Boardroom

The growing threats of piracy and ransomware require a company-wide security strategy emanating from the top.
Author:
Publish date:

By Mathew Gilliat-Smith, CEO, Fortium

LONDON-Ever since the internet emerged as a public information gateway, thieves and pranksters have been working to exploit it for criminal gain. Today, cyber-crime is a billion-dollar industry. The perpetrators are no longer lone wolf hackers; they are multi-national cartels who reap mega-profits. They target companies large and small across all industries, inflicting devastating damage to their reputations and bottom lines.

Just last week, Uber disclosed that it paid hackers $100,000 to conceal a data breach affecting 57 million accounts, the latest in a string of scandals and legal problems for the world's most highly valued start-up. The ride-hailing firm said it fired its chief security officer and deputy for their roles in the breach and the cover up.

Given the existential nature of the threat, it's surprising to find that, according to a study by NCC Group, only 13 percent of CEOs are directly responsible for managing their company's cyber risk. Many executives assume such things are the responsibility of IT staff. When hearing of a newswire report of a high-profile cyber-crime incident, they imagine "it can't happen here." Unfortunately, when it comes to cyber-crime, it can happen to any company and, sooner or later, almost certainly will.

To avoid becoming yet another victim, companies need to adopt strategies and procedures that reduce risk. And it must be a top-down approach. Lower-level staff often lack the decision making and budgetary authority to set company-wide policy believing, "That's the board's job."

Board members have a real incentive for taking the lead in cyber security: they may be held personally accountable for a breach. Increasingly, governments and stockholders are demanding greater accountability for security issues, considering it an integral part of the directors' code of conduct.

Uber's woes followed the Equifax breach that compromised the security of 140 million Americans and was similarly kept quiet for months. There is a view that the three Equifax officers could face charges for selling stock, whether knowingly or not, before the breach was disclosed.

The WannaCry ransomware attack that appeared last May infected more than 230,000 computers worldwide. The subsequent Petya and Bad Rabbit ransomware attacks produced similar consequences. Information security firm Sophos claims "Thought WannaCry was bad? You ain't seen nothing yet" and forecasts that the perpetrators' success will embolden others and ransomware will get much worse in 2018. Criminals who write ransomware and other malicious software are now operating what amounts to profitable franchise businesses, selling their source code to others with criminal intent. They have no lack of buyers because cyber-crime pays. Some 40% of businesses admit to paying 'affordable' ransoms to avoid costly downtime and negative publicity.

Executives can avoid finding themselves in a similar position by assuming greater responsibility for security policy. In the entertainment industry, studios could limit the risk of piracy and ransomware by mandating stronger and more practical security protocols. They could, for example, make funding for each film or TV production contingent on having a line item of security expenditure for measures that will be enforced. Producers and directors, who often have autonomy in running their projects, would be required to make itemised security a part of the package.

To fully protect a computer, it would need to be disconnected, switched off, placed in metal box and locked in a room. That would make it safe, but also useless. Today's media and entertainment industry is built on collaborative workflows across many external organizations and people, consequently with many inherent points of vulnerability. Services such as localization, sound and picture editing (often through freelancers), promotional marketing and distribution, are regularly undertaken by third parties, any one of whose workflows could potentially make a breach more likely.

While trust in the selection of the workflow partner is implicit, accidents happen and, as we seem to read every day, all companies are vulnerable to a breach. Think of a valet who parks your car. You trust the valet service but without a reliable lock and alarm system on your vehicle, you are increasing the risk of theft or damage while it's in their care.

There are a range of practical measures that help reduce the risk of cybercrime within an organization. Among the most important is the education, training and awareness of employees, including executives and the board.

Encryption "at-rest" and "in-motion" have long been mandated by MPAA guidelines, but surprisingly they are not always employed. Encryption-at-rest, such as Fortium's MediaSeal software, keeps data encrypted while it's being worked on or stored. If protected files are accidentally distributed or hacked the content cannot be leaked.

Piracy, ransomware and other forms of cyber-crime are serious and growing problems and can potentially threaten a company's continued viability. IBM CEO Ginni Rometty has called cyber-crime "the greatest threat to every company in the world." CEOs and board members therefore need to be cognizant of the threat, treat it seriously and understand that a rigorous, top-down security strategy can help reduce risk.

About Fortium

Fortium is a leading provider of digital content security for media and entertainment supplying innovative technologies that give businesses greater control over their pre-release content. Its MediaSeal file encryption at-rest solution protects all file types in b2b workflows, especially in sound and picture editing, international localization, digital cinema distribution and promotional marketing. Fortium’s products also help protect the Academy and BAFTA award screeners with Patronus and Blu-Lock anti-rip.

www.fortiumtech.com

Related

More than 55 of the 2018 Fall Television and Streaming Series Rely on Blackmagic Design

More than 55 of the 2018 Fall Television and Streaming Series Rely on Blackmagic Design

Blackmagic Design today announced that the company’s production and post products were used to complete many of the fall 2018 season’s new and returning television shows and streaming series. More than 55 shows rely on Blackmagic Design’s digital film cameras; Fusion visual effects (VFX), compositing, 3D and motion graphics software; and DaVinci Resolve editing, color correction, VFX and digital audio software; as well as its switchers, routers, monitors and capture and playback devices.

Luxul_AMS-1208P

Jingle All the Way: Luxul's XMS-1208P Managed Gigabit Switch is Available for All CI Integrators this Holiday Season

Luxul, the leading innovator of IP networking solutions for AV integrators, today announced that it's giving CI integrators the gift of enterprise-level performance at affordable price points this holiday season. It doesn't matter if they've been naughty or nice, the company's XMS-1208P 12-port/18 PoE+ managed Gigabit switch — that delivers high-speed performance while enabling simple network expansion — is now available for all. And to ring in the new year, Luxul will begin shipping its AMS-1816P 18-port/16 PoE+ L2/L3 managed Gigabit switch in early January.

HoverCam_VV1

HoverCam Transforms Classrooms Fit for Future-Ready Students at Val Verde USD

HoverCam, an innovative technology leader in the digital education market, announced that Val Verde Unified School District (USD) in Parris, California, successfully installed HoverCam's Pilot digital teaching stations and CenterStage interactive flat panels (IFPs) in new STEM labs in the elementary schools, with plans for an eventual rollout to the district's middle and high schools. As part of the district's goal to create future-ready students, Val Verde USD chose HoverCam digital education solutions to address the rising challenge of updating classrooms and introducing curriculum with advanced systems that will prepare students for a rapidly changing career landscape.

ScreenShot2018-12-11at2.41.29PM.144822

The Sigma Holiday Sale Is Back!

Nothing makes gift giving as enjoyable as special prices on award-winning Sigma lenses and accessories; get the lens you’ve always craved or surprise a fellow shooter with the perfect present.

Riedel-Ruptly-Vans-3

Global News Agency Ruptly Relies on Riedel's MediorNet and Artist on Board New OB and DSNG Vehicles

Riedel's MediorNet real-time media network and Artist digital matrix intercom are providing the decentralized and redundant signal routing and communications backbone on board two all-new, state-of-the-art OB vehicles for Ruptly, a Berlin-based international news agency. Qvest Media, a world-leading system architect and integrator for the broadcast and media industries, designed and built the new broadcast van and DSNG vehicle.