< Back to Blog
Expert Advice: 6 Ways for Media Companies to Feel More Confident About Their Cybersecurity
Security Best Practices & Advice

Expert Advice: 6 Ways for Media Companies to Feel More Confident About Their Cybersecurity

By Elad Shapira Sep 16, 20184 min read

Elad Shapira provides valuable guidance on how media companies can feel more secure about their cybersecurity.

It’s not surprising that media companies aren’t confident about their security levels. In fact, media companies are an ongoing target – be it by political activists, nation states (as in the cases of attacks against The NY Times and Sony Pictures), or even just hackers trying to leverage their skills to make money from the content they steal (as in the case of Netflix). Even the video-gaming industry is a target, as Steam has publicly acknowledged in the past.

Get the best third-party security content sent right to your inbox

Thanks for subscribing!

To increase their security confidence level, media companies need to follow these steps:

1. Discover assets. Sometimes it may just be that an employee fired up a server to upload certain content for testing, not considering how to secure the server. In another scenario, there might a long forgotten, not updated or patched online server.

2. Map and prioritize the business impact of assets. Not all assets are created equal. An online release of a video prior to its debut screening may create reputational and financial damage to a company. Credit card details of subscribers are under regulatory control. Each company needs to consider its assets and their business effect on the company.

3. Place safety measures around these assets. Safety measures should span various levels, including network and IT (say, to prevent a DDoS attack) and the application (e.g., to avoid hacking to gamer accounts). It’s important to even consider the human aspects; for example, avoiding the case of a disgruntled employee exposing sensitive and proprietary data.

4. Create an incident response plan. This is not just a technological approach, but a step that must also involve various teams and processes. In case of an attack against the company, there should be an advanced and thought-out plan to handle the attack. The security team needs to investigate the alerts and reach the technological origin of the attack. The IT team needs to help restore any lost content or back up new data. The PR legal teams need to enter “crisis management” mode and be ready to respond.

5. Continuously monitor the assets. It’s not enough to simply put in place security measures and then just forget their existence. Company assets need to be continuously monitored – to ensure that the servers are continually hardened, that vulnerabilities are patched in a timely manner, security tools are correctly configured and that no asset is mistakenly and suddenly revealed on the Internet. With each change to the security posture of the company, the security team should be alerted and be able to deal with it according to the incident response plan they put in place.

6. Don’t forget the suppliers! Throughout all the steps, it must be assumed that the company’s assets include the company’s suppliers. For example, the company’s legal firm holds information regarding an upcoming acquisition or M&A; the PR firm holds information regarding the upcoming release of a movie; contractors may have advance access to the cover page of the next released magazine; or an outsourcing video production rendering company holds the source code to the latest animated film. All these suppliers pose a financial and reputational risk to the media company, so it’s important to consider cybersecurity for third-party companies. As with previous steps, the company needs to determine the business risk that the supplier poses to the company and take the right measures to continuously reduce that risk. Such measures may include monitoring and restricting suppliers’ access to a need-to-know and when-to-know basis, demanding endpoint protection on contractor’s devices, and even requesting background checks for highly sensitive contractors.

Author Thumbnail
Elad Shapira

Elad Shapira is Head of Research at Panorays. As a cybersecurity lecturer and self-described geek, he likes hardware hacking, low level development, playing Capture the Flag and making and breaking things.

You may also like...
Sales Security Blog
Sep 28, 2022 Verifiable Security Posture Can Help Shorten Sales Cycles Aviva Spotts
Third-Party Security Risk Management
Sep 06, 2022 Third-Party Security Risk Management: A Critical Component of Your Risk… Aviva Spotts
Anatomy of a Healthcare Data Breach
Aug 03, 2022 Anatomy of a Healthcare Data Breach Demi Ben-Ari
Get Started Free
We use cookies to ensure you get the best experience on our website. Visit our Cookie Policy for more information.
Get our latest posts straight to your inbox Subscribe