July 19 marked one year since what has been described as “the largest IT outage in history” when cybersecurity company CrowdStrike updated its software that led to roughly 8.5 million systems crashing and refusing to properly restart.

A number of broadcasters were significantly impacted by the outage, including the U.K.’s Sky News and Sky Sports News. Sky News went off-air for parts of the morning on July 19, 2024, before returning with a much-changed backdrop, no graphics, autocue or packages.

In the United States, station group E.W. Scripps Co. told TV Tech that a strategy put in place over the past 10 years was able to quickly muster technical resources and identify and correct issues when they arose.

To mark one year since the outage, TV Tech and sister brand TVBEurope asked key media figures if they believe the industry has taken sufficient steps since then to prevent similar disruptions in the future.

Tim Claman, chief technology officer, Avid
One of the big learnings from that outage was that security strategies need to be more proactive and adaptive, rather than just responding to incidents after the fact. Since the outage, we have seen wider adoption of strategies that combine prevention and resilience methods.

Customers are bolstering traditional detection methods (like antivirus, EDR) with technologies that more dynamically identify potential threats, including AI-based monitoring, zero-trust models, dynamic policy management and more rigorous update testing, to help prevent and minimize impact from security incidents like we saw last year. While a lot of the technologies and approaches (CNAPP, IAM, EDR, Endpoint Isolation, Zero Trust, etc.) are not new, they are now being used more intelligently in combination with operational best practices to reduce risk.

Beyond the technological improvements and the evolution of best practices, we have seen a shift in mindset. The outage was a wake-up call for our customers, as well as for the vendor community. Media enterprises realize that they need to own their own destiny on security, rather than trusting security vendors, so they are more proactively managing their security strategies and practices. As a technology vendor, Avid is receiving more detailed and thorough security questions and requirements in RFPs, a reflection of our customers’ more intensive approach to security strategy.

Rowan de Pomerai, CEO, DPP
I think it’s probably fair to say that no, not enough focus has been given. There’s been a huge amount of business transformation and disruption, and AI has taken so much of the technical limelight, so it’s been easy to lose focus on concerns like security.

But perhaps AI could be the solution as much as the problem: contributors to the “DPP 2025 Predictions” said that “security concerns will go beyond human scale” as the capability to keep up with ever-changing threat vectors will become so complex that AI and other automation tools become essential.

Our “State of Media Technology Security” report also exposed a gulf between customers and vendors when it came to their assessment of the security of modern media technology tools. Clearly, there is more collaboration needed as we move forward.

Neil Maycock, TVBEurope contributor and business adviser
I think the CrowdStrike incident really highlighted that trying to protect against the ever evolving threats in cyber security carries its own risks, and the fact that major operations were so severely impacted is a testament to that. These were companies who take security very seriously and will have had extensive protocols in place to keep systems safely up to date, and yet an unforeseen scenario had devastating consequences. Therefore, to answer the question have sufficient steps been taken to prevent a repeat, I think the answer is of course industry will have protected itself from another CrowdStrike, but the real question is it ever possible to anticipate all possible scenarios?

Cybersecurity is a classic risk management exercise, where risk must be balanced against cost, both financial and operational impact. If we lock our systems down to the extent it compromises the ability of our organisation to operate, then the cost may outweigh the potential risks. Quantifying the risk and cost impact is a massive challenge, and one that is getting harder all the time. We frequently talk about the impact of AI in the media industry, but across all sectors AI is now being leveraged to implement ever more sophisticated cyber-attacks. For example, AI’s ability to impersonate key personnel, or create very specific personalised phishing attacks is creating new challenges.

Ensuring companies are adequately protected is an unenviable challenge.

Karl Paulsen, TV Tech contributor and retired CTO
I suspect this won’t be the last time we see something like this happen when there are so many moving parts in a single system. With Windows 10 support evaporating, much of the base software for users will be shifted and everybody and their dog will be wondering how to address a significant change in their hardware and software (including third-party support).

Impacts on multi-cloud will need to be managed, and it is still unclear what “AI” is going to do to everyone’s architectures. Errors are still likely to occur and an overload of systems management is a potential liability.

Dan Pisarski, chief technology officer, LiveU
The notorious CrowdStrike outage in 2024 taught an important lesson about shared vulnerabilities: you could have an entire, physically diverse set of servers and workstations—even in a building designed to withstand disasters (what if a meteor falls on the building, after all?)—but if every one of those servers runs CrowdStrike, you’re still at risk. This event has put real pressure on media organisations to rethink what disaster recovery looks like, especially when it comes to intentionally building diversity into Disaster Recovery (DR) plans.

Is your primary production on-prem? Then your DR should be in the cloud. Is your playout path based on a local fibre run? Then your DR plan should use wireless. The goal is simple: if something happens that wipes out an entire class of options (as the CrowdStrike incident did to Windows PCs and servers), you need a diverse DR plan that can avoid the fate that takes down not just one component, but an entire class of your mission-critical systems.

Cloud-based production platforms provide a diverse form of backup to hardware-based production solutions running Windows. If there is another day when “all Windows PCs don’t work in the world”, then you have a backup plan. The cloud solution does not require integration with Windows, and while it is not an exact match 1:1 of features of a hardware-based solution, that matters less when it is becomes the primary solution in a disaster recovery scenario.

This kind of built-in diversity applies at both small and large scales. At the small scale, for example, your bonded-cellular active/active wireless transmissions should use multiple carriers—not just for performance, but also “just in case” one carrier experiences a localized or nationwide outage (it’s happened!). On a much larger scale, diversity might mean having an elastically scalable cloud production service ready to go, even if you “usually” rely on on-prem production.

Earlier this year, The Motion Picture Association (MPA) revealed that it’s planning to work with Congress to establish site-blocking legislation in the United States. With such an order in place, broadcasters, rights holders and content owners would be able to ask the court to order Internet Service Providers (ISPs) to block websites sharing stolen content. MPA CEO Charles Rivkin highlighted that many countries use blocking as a tool against piracy and he strongly believes that the U.S. should be one of them.

For years, sports providers and media and entertainment companies outside the U.S. have been using domain and server blocking because it is a sophisticated enforcement method that stops piracy more effectively than traditional approaches.

Testing the Waters: What is Blocking?
In simple terms, blocking disrupts access to illegal content. Once an organization identifies that content is being stolen, blocking can rapidly make a significant impact, cutting off access to illegal streams and helping content owners and rights holders secure their revenue.

Although there are multiple deployment methods, there are two main types of blocking: Domain blocking, which works to stop access to pirated content at a domain resolution level; and server blocking, which restricts access to pirated content at a residential ISP level in real time.

Domain blocking works by deleting certain records in the Domain Name System (DNS) – essentially the phonebook of the internet. So, if an address has been subject to a domain blocking order, the record of the domain is removed from the public register so that when someone types in the URL in their browser, no result will appear.

In countries where it can be used, server blocking proved to be one of the most effective forms of supply-side content protection actions. It allows ISPs to block their subscribers from accessing pirated content, following specific legislation issued by the appropriate regional authority.

Blocking is especially effective in changing consumer behavior: as viewers get blocked by their ISP, it encourages them to watch their content on legitimate commercial sites – either because they discovered that they were unknowingly using a pirate service, or simply because they still want to access the content and are now forced to view it legitimately.

On the other hand, establishing which targets should not be blocked is equally critical. That means ensuring that any blocking target won’t cause collateral damage on unrelated and legitimate services. To prevent over-blocking and ensure proportionality, the IP block list should be updated every five minutes, and any IP addresses should be subjected to a battery of customizable tests.

Blocking is a technical tool approved by legal governing bodies in more than 40 jurisdictions. These regions have either adopted and implemented blocking, or are legally obligated to adopt measures ensuring that ISPs can block access to copyright-infringing websites.

Navigating International Waters
If the United States were to establish and enforce site-blocking legislation, they would be far from a test case.

Blocking technology has proven to effectively stop piracy. In fact, in Indonesia, blocking caused a significant drop in reach of pirated content—from 437 million to 118 million views, a 75% reduction from 2020 to 2022.

In France, blocking has also proven to be successful for live sports streaming. Between January and June 2022, the overall pirate sports audience decreased by 49%, thanks to blocking measures.

The Court of Justice of the European Union (CJEU) has closely examined the use of blocking and determined it to be effective and fair, based on its success in Europe. With that, the Information Technology & Innovation Foundation (ITIF) – an independent nonprofit, nonpartisan research and educational institute recognized as a leading think tank for science and technology policy—among other organizations also shared their support for the U.S. pursuing blocking, noting that, “it would be a massive step in the right direction if policymakers in the United States and around the world could focus on the facts and weigh up the various interests and stakeholders in a similarly sober and dispassionate way as the CJEU.”

Other countries closer to North America have also explored blocking to combat piracy. For example, key Canadian operators have worked with an advanced video security and anti-piracy provider to detect piracy. And with that, government orders to dynamically block pirated access were swiftly implemented.

With blocking, illegal streams can be stopped in under four minutes, a timeframe that is critical when it comes to live sports content. Their provider monitors illicit streams so illegal servers can be blocked in an instant, ultimately reducing pirated streams of NHL and NBA games in Canada.

Steering the Ship: The Path Forward with Blocking
The evidence is clear: blocking is an effective tool in the fight against video piracy. The United States, with its massive media and entertainment industry, stands to benefit immensely from adopting such measures. By following the examples set by other countries, the U.S. can protect its premium content, secure revenue for rights holders, and maintain a fair and legal digital landscape.

It would be in the best interest of U.S. businesses to test the waters and get aboard with site-blocking, charting a course towards a more secure and prosperous future for digital media.

While many Americans tell pollsters they are not loving the potential impact of AI on society, with 75% saying they are concerned about misinformation from artificial intelligence, they are certainly loving the tools it provides to express their love on Valentine’s Day.

A new survey from McAfee Research has found that nearly half (45%) of all men will use AI to write love messages this Valentine’s Day, up from 30% last year. The survey also found that more Americans (39%) are looking to use AI to write Valentine’s Day messages than last year (26%).

Overall the survey found a growing prominence of AI tools in the love lives of Americans, both for good and ill. The survey found that the increased use of AI has produced greater concern for telling real from fake online, with 58% of Americans encountering fake profiles online. About 30% of men and 27% of women said they are using AI to enhance their online dating profile, pics, and messages online. In addition nearly one third of Americans (31%) say they communicated with a love interest who turned out to be a scammer

McAfee’s second annual “Modern Love” study surveyed 7,000 people in seven countries worldwide and discovered that nearly one in four (23%) Americans are using AI tools to help create photos or other content when dating online. 

This contrasts sharply with people’s feelings about receiving AI-generated content: Nearly two-thirds (64%) expressed distrust towards potential love interests who used AI-generated imagery and chat bots on their profiles. Further, the prevalence of romance scams emerged with one-third (31%) of Americans saying their conversations with a potential love interest online turned out to be with a scammer.

Despite mixed feelings and experiences, the effectiveness of AI is undeniable: 69% of people reported receiving more interest and better responses using AI-generated content than when they drafted or used their own original content. Additionally, 39% of Americans are planning to or considering using artificial intelligence to write a Valentine’s Card or other messages to a love interest. This sentiment opposes their feelings about being romanced via code: 57% of people said they would be hurt or offended if they found out AI wrote their Valentine's message.

“The possibilities of AI are endless, and unfortunately, so are the perils. For people who are shy about starting conversations, short on time to craft the perfect message, or whose photos could be brightened, AI offers tools to help enjoy all the fun and excitement that comes with online dating,” said Steve Grobman, McAfee’s Chief Technology Officer.

"Unfortunately, we know cybercriminals also use AI to scale malicious activity. With love-seekers spending more time online leading up to Valentine's Day, scammers are using AI to pose as love interests to steal money or personal information,” he continued. “We encourage people to balance romantic hope with healthy skepticism, to pause before sharing sensitive information online, and to ensure they use the right tools to protect their privacy, identity, and personal information."

Other highlights of the survey include:

• Online dating remains pervasive, with 58% of Americans using, or having used, dating websites, apps, or social media to find love. However, the rise of powerful, easy-to-use AI tools complicates the online dating landscape. By leveraging these tools, romance scammers can craft convincing messages and realistic profile images to trick people looking for love online. Nearly half (46%) of Americans said they are unsure or don’t believe they could identify AI-generated love messages.
• Those looking for love are often more vulnerable to scams, and cybercriminals use that vulnerability to their advantage by engaging in long and sophisticated attempts to steal from victims. 57% of Americans said they were asked to transfer money soon after meeting a love interest and 30% of these people were asked to send more than $1,000.
• These findings underscore the escalating threat of romance scams in the digital dating world and the need for increased online dating security awareness and protection. 
• 1 in 10 (11%) of respondents reported having a love interest ask for passwords.
• 20% were asked to share their birth date.
• 23% were asked to share an intimate photo or video.
• 10% were asked to share a social security number or something similar.
• McAfee Labs is reporting that increased Valentine-related malware campaigns (25% surge), malicious URLs (300% increase), and a variety of romance-themed spam and email scams (a staggering 400% increase), with the majority focused on Valentine’s shopping and gifts. 
• The use of AI-generated images for fake profiles and photos appears to be growing: 58% of people said they’d come across fake profiles or photos that look AI-generated in the past year, on dating websites, apps, or on social media. Specifically:
• 46% of people saw fake profiles or photos on social media platforms.
• 20% of people saw fake profiles or photos on mainstream dating platforms.
• 14% saw fake photos or profiles on chat forums or communities.
• 12% saw fake photos or profiles on specialized dating platforms.
• 11% saw fake profiles or photos on professional networking platforms.
• In a dating pool filled with an increasing number of scams and AI content, online daters are doing their dating diligence: 38% said they used reverse image search on profile pictures of people they’ve met on social media or dating sites; 59% of respondents said they often use social media to dig into the background of their potential partners; of those who have done so, 35% said it made their opinion about them more positive, and 23% said it made their opinion about them more negative; 13% said doing so made them realize they were being scammed, and 7% said they realized their potential partner had scammed others before; 11% said social media sleuthing made them realize their love interest was in a relationship with someone else.

PHILADELPHIA—With a record number of connected devices expected to flood into homes during this holiday season, Comcast’s newly released Xfinity Cyber Health Report indicates that the vast majority of Americans are not taking proper precautions to deal with the cybersecurity threats these devices can pose. 

The new Comcast survey found that more than three in four Americans (78 percent) admit to risky online behaviors that open them up to cyber threats, such as reusing or sharing passwords and skipping software updates. And despite widespread publicity regarding the problems cyberattacks can create, that alarming level of unsafe behavior up 14% from just two years ago, Comcast reported. 

The report, which combines data from a new consumer survey with actual threat data collected by Xfinity’s xFi Advanced Security platform, also reveals that the service, which is free for Xfinity customers who lease a capable Xfinity gateway, has blocked nearly 10 billion cybersecurity threats since launching less than five years ago.

"Our Xfinity Cyber Health Report demonstrates that, despite more awareness about the prevalence of cybersecurity risks, we have to continue to be diligent to ensure our devices in homes, and the people using them, stay safe,” said Noopur Davis, executive vice president, chief information security officer and product privacy officer, Comcast. “The digital security of our customers is our top priority. As the number and complexity of cyber threats grow each day, we use smart tools and technologies across our network to offer multiple layers of protection to help keep our customers safe.”

The Xfinity Cyber Health Report summarizes cyber threat trends from Xfinity’s xFi Advanced Security, the growing list of devices in connected homes, and a view into consumers’ attitudes and behaviors around cyber protection. Key findings include:

• Connected Homes Are Expanding and So Is Attack Volume: Xfinity xFi homes average 15 connected devices, up 25 percent from 2020. Power users average 34 devices. And 58 percent of consumers plan to buy at least one connected device this holiday season. xFi Advanced Security blocks an average of 23 unique threats per home each month – with the total number of attacks at least three-to-four times that number, since many attacks are repeated.
• Consumers Still Underestimate Threats: Nearly three fourths (74 percent) of Americans believe less than 10 attacks hit their home network every month. 61 percent believe devices are protected from threats right out-of-the-box at purchase. This leaves many new devices open to potential threats without protection.
• Consumers Unsure They’d Know They’ve Been Hacked: When asked how soon they would know whether they were a victim of a cyberattack, only 20 percent said immediately. Another 32 percent said they aren’t sure they’d ever know if they were a victim of a cyberattack. And 51 percent of respondents noted they are not confident that they would know if a non-screen device was hacked, such as a robot vacuum or a smart plug.
• Emerging Device Vulnerabilities Misunderstood: Computers and smartphones remain the top two targeted devices consistent with findings in 2020. While consumers recognize the risks associated with these two device types, they underestimate the risk with emerging devices in their homes. In fact, xFi Advanced Security blocked threats to smart watches, lighting, thermostats, doorbells, garage openers, sports and fitness equipment, sprinkler systems and even cars, drones and pet accessories.
• Generational Cyber Divide: 70 percent of Boomers admit to unsafe behaviors compared with Gen X (82 percent), Millennials (83 percent) and Gen Z (87 percent). Gen Z had the lowest awareness of common threats such as phishing and malware. 77 percent of Millennials are likely to buy a connected device this holiday season, the most for any segment surveyed.

In addition to the network and consumer data, the 2022 Xfinity Cyber Health Report includes insights from Asad Haque, Comcast’s executive director of security architecture, regarding connected home security with Matter and xPKI; a technology primer on Comcast’s threat analytics platform from David White, vice president, security engineering at Comcast; an overview of the role of Comcast’s xGitGuardTM software in data privacy from Bahman Rashidi, Ph.D., director, cybersecurity & privacy engineering research; and five actionable tips for consumers on securing their connected home.

As the largest broadband provider in the U.S. serving more than 32 million internet customer households, Comcast provides the xFi Advanced Security service to protect home networks from cyber threats and is free to all internet customers with the xFi Gateway who sign in through the Xfinity app. 

The survey, conducted by Wakefield Research, polled 1,000 nationally representative U.S. adults ages 18 and older in November 2022, using an email invitation and an online survey. 

The full 2022 Xfinity Cyber Health Report is available here.  

A public draft of proposed EAS rules being circulated by the FCC would require EAS participants, including broadcasters, to certify annually that they have implemented a cybersecurity risk management plan for their EAS system.

If adopted, the new rules would require broadcasters to report incidents of unauthorized access of its EAS equipment within 72 hours of when it knew or should have known the incident occurred. According to the Notice of Proposed Rulemaking (NPRM) being considered, this would bolster the security of the nation’s public alert and warning systems.

The proposal to strengthen the operational readiness of EAS equipment would require broadcasters to employ “sufficient security measures to ensure the confidentiality, integrity, and availability of their respective alerting systems.” 

The draft NPRM is not a final adopted action, but it shows the commission is giving tentative consideration for the changes, which could be approved at the FCC’s Oct. 27 monthly meeting.  

FCC Chairwoman Jessica Rosenworcel has been pushing for a more solid EAS foundation: “It is critical that these public safety systems are secure against cyber threats, which means that we must be proactive.” 

The FCC says there have been several occasions of cyber attacks on EAS equipment. Notably, a 2013 attack on equipment at TV stations in Michigan, Montana, Utah, New Mexico and California notified viewers of a “zombie attack” hoax.

 The commission says that the hack could have been prevented had the EAS participants involved changed manufacturer default passwords on their EAS equipment, installed firewalls, or taken other appropriate security measures. 

In addition, in 2020 hackers compromised the EAS systems of an EAS participant in Jefferson County, Wash., and caused the transmission of false EAS alerts describing a fake Radiological Hazard Warning that affected approximately 3,000 homes.

The FCC has previously warned broadcasters their EAS equipment connected to the Internet were potentially vulnerable to IP-based attacks due to inadequate network security or unsecure device settings. At the time the commission urged them to secure their EAS equipment by installing current security patches, and using firewalls.

Most recently, on August 1, 2022, FEMA issued an advisory on a potential vulnerability in certain EAS encoder/decoder devices that have not been updated to most recent software versions.

The FCC draft also addresses the overall operational readiness of EAS equipment. Currently, broadcasters and cable providers may continue operations for a period of 60 days despite having defective EAS equipment that preclude their participation in EAS. The FCC notes that, according to the last nationwide EAS test report, “an appreciable number of EAS participants were unable to participate in testing due to equipment failure — despite advance notice that such test was to take place — suggesting that equipment failures are not addressed by EAS participants as swiftly as reasonably possible and that more needs to be done to improve EAS operational readiness.”

The FCC also addresses the security of Wireless Emergency Alerts (WEA) in the public draft and is likely to require wireless providers to take steps to ensure only valid alerts are displayed on consumer devices.   

If adopted, the new rules would clearly increase compliance and the amount of effort and paperwork on behalf of broadcasters, according to observers. The FCC says in the draft: “We believe that EAS participants will, on average, require 10 hours annually to initially draft a plan and then update the plan and submit their certification annually.”

The commission says it expects to consider the economic impact and alternatives for small entities following the review of comments filed in response to the NPRM, including costs and benefits analyses.

“We believe that the benefits of this proposal outweigh the costs. However, we [expect to] seek comment on any measures that the commission could take to reduce burdens on EAS participants if it were to take further steps to promote the operational readiness of EAS equipment,” according to the FCC document.

If the commissioners vote “yes” this week then a comment period will commence 30 days after the date of publication in the Federal Register.  

LEWES, Del.—A new analysis from Atlas VPN shows that sophisticated automated cyber attacks are on the rise and that the streaming industry has become the top target of these attacks.

The growth is worrying because these sophisticated attacks can emulate human behavior to evade detection by imitating human keystrokes and mouse movements to trick standard bot-detection tools.

According to the data presented by the Atlas VPN team, 73% of attacks directed at the streaming industry were sophisticated. Alarmingly, their data also shows that the stolen credential success rate has risen significantly during login attacks, meaning hackers took away more accounts.

Comparing H2 2020 and H1 2021, the most significant increase in credential success rate was in the streaming industry, going up from 0.19% to 29%. The second-biggest increase was seen in the event ticketing industry, where login success percentage went up from 3.95% to 16%.

Due to the pandemic, usage of streaming services increased exponentially, meaning that more people became vulnerable to cybercrime as the number of sophisticated cyber attacks increased. That has also made Netflix a prime target, Atlas VPN noted. 

“Advanced hackers nowadays deploy bots that can convincingly mimic human behavior and launch thousands of bots at once to overwhelm standard security systems,” explained William Sword, a cybersecurity writer and researcher at Atlas VPN. "As cyberattacks get more sophisticated, it is not enough to use traditional security tools such as antivirus. Organizations should also employ bot protection services.”

The data is based on NuData Security report, “H1 2021: Fraud Risk at a Glance.” Analysts collected the statistics for the report from January 1 - June 30, 2021.

More information and details from Atlas VPN analysis can be found here. 

CARDIFF, WALES—So, the big topic that is on the tip of every Tom, Dick and Harry’s tongue is content security. Chances are, you’ve heard that a few high-profile companies have fallen victim to ruthless cyber-attacks recently. As Simon Harper, channel marketing manager, Sony has said: “it sounds like a mediocre science fiction film, doesn’t it?” In fact, Simon has pointed out that the National Cyber Security Centre’s ‘Cyber Security Break Survey’, published in April, revealed that nearly seven in 10 large businesses identified a breach or attack in 2016. Scary, right?

If you haven’t heard of the Workflow Innovation Group (WIG), it was started back in 2009 by a group of small companies dedicated to solving the woes of the broadcast technology community. Right now, we are on a mission to tackle the thorny and painful issue of content security. Our next event is in October this year at the Principality Stadium, Cardiff, where we are all going to be learning from the broadcast community about the challenges they are facing and what they are doing about it. We will also be discussing the best ways to combat those challenges using technologies that are integrated into the way that they work.

But first, we’re going to explain to you exactly why the recent scandals are simply a drop in the ocean. It is happening to everyone—and it could happen to you.

IT'S EVERYWHERE

The truth that most of the industry doesn’t want to acknowledge is that it isn’t just high-profile targets that are being hit by this wave of cyber crime. It’s happening to everyone, from every industry. Like Mathew Gilliat-Smith, CEO, Fortium has said, “There are plenty of examples. Some high profile, some small and quiet.”

Even we have experienced emails requesting bank information that had supposedly come from our CEO. Luckily, we share offices and knew that this wasn’t true. But wouldn’t that have been awful? A data security company leaking banking information and probably being robbed blind? As ironic as that situation could have been, it probably wouldn’t have been broadcast. So, how many other stories do you think go untold?

PULL YOUR PANTS UP CHARLIE!

So, why are media companies so vulnerable? Something all of us can agree on is that media companies have the terrible habit of storing all of their data in one place. Not only that, but we all know how much consumers value content. “It’s the trophy and high profile aspects of what media companies do,” says Gilliat-Smith. The fact is that media companies are holding the crown jewels in their storage, and that is easily recognizable to criminals.

Harper has argued that “the fact is that content is the most important asset in the media industry”. The anticipation of a series finale, or the strong wish not to expose spoilers makes the leverage potential for stolen content extremely high, and therefore extremely valuable. Harper commented that “valuable data should always be backed-up in at least one, preferably two places.” So why aren’t they?

Media companies are also vulnerable because of the methods of their workflow. Gilliat-Smith commented that “[media companies] are typically working with multiple third parties, and the more people involved, the larger the vulnerability.” This opens the companies up to both internal and external weakness in security. Furthermore, Patrik Malmberg, marketing manager, Vidispine has pointed out that “the infrastructure aspect with a lot of legacy software and hardware built on top of each other to solve integration problems, simply makes security issues harder to find and address.”

Implementing a proper security platform can easily combat this, as can encryption of content so that even if it is accessed, it can’t be used as leverage. Fortium highly advocates the method of encryption at rest that stays with the file throughout the pre-release. Many companies have encryption standards for content when it is in transit, but fail to protect the files when they are at rest. This can be difficult and cause programming issues. However, companies like Fortium have developed solutions to make this easier for users.

DARKNESS AT THE END OF THE TUNNEL?

What does the future look like for media companies? Will they continue to fall victim to these attacks? Yes. A very big, resounding yes. Not only is content going to never lose its value, as OTT continues to make a rapid rise, but it “is a cat and mouse game” as Gilliat-Smith pointed out. Not only are media companies reluctant to invest in the needed security measures but overall seem uninformed of the sheer vulnerability of their systems.

This current situation of large name companies falling victim to the simplest of hacks, is only going to get worse. Malmberg has commented that “We think the situation will become worse over the next year(s) as equipment gets older. The shift to cloud can, if done badly, also make the situation worse before it gets better. However, moving things to cloud will hopefully be a part of modernizing infrastructure and workflows, which in itself will help with security.” As we have seen time and time again, companies are failing to recognize the issue here.

SOMETHING TO TAKE AWAY

The main message that we are trying to get across here is that with the evolution of technology over the last few years, media companies have become outdated and underprepared for cyber attacks, as we have seen. This, as well as the emergence of cloud storage and the considerations of a third party workflow has resulted in content being unsecure. We, as a collective, think that this isn’t something that can ever be completely overcome. We are all well aware that there is only so much preparation that can be undertaken to ensure data security, but the subject has been painfully overlooked and disregarded by the industry in the past.

Like Malmberg has said “Security is not only about technology, but also about processes and people.” Yes, the framework of security for your company will be based on technological solutions, but it is also important to make sure that your workflow is efficient and reliable. It is because of attempts to keep costs low and cut corners in security that companies are so vulnerable. Now we are witnessing the age old term of “you reap what you sow.” So, come on media companies, it is time to listen.

By Nick Pearce-Tomenius, sales and marketing director, Object Matrix.
With contribution from Fortium, Sony and Vidispine.

TV Technology is hosting a Cyber Defense Boot Camp in New York and Washington, D.C. Find out more here. 

This story originally appeared on TVT's sister publication TVB Europe. 

ALEXANDRIA, VA.—You don’t have to think too far back as to the possible threat that cyberattacks can have on a company, just look at the recent HBO hack. As today’s media operations continue to migrate to an all IP and connected environment, the risk of intrusion, corruption, theft and loss of valuable intellectual property from cyberattacks is on the rise. That is why TV Technology has partnered with Obor Digital to provide a group of training courses to help broadcast and entertainment media professionals learn to combat these cyberattacks.

The TV Technology Cyber Defense Boot Camp is designed for broadcast engineers and IT operators to address the cyber vulnerabilities that broadcasters face. Courses offered include a one-day and two-day training session with instructors Rob Caldwell, president and CEO of Obor Digital, and Phillip Stoner.

Taking information that they have garnered from working with cybersecurity operators in the military, Caldwell has filled the course with lectures and interactive labs that address the key cyber vulnerabilities, including theft of intellectual property, deliberate or terrorist threat of content modification, interruption of business and malicious damage.

“This isn’t just information and it’s not just lectures,” said Caldwell. “These are real-world best practices that are literally the same things that are being taught to our cybersecurity forces in the military and cyber operators. You don’t get just the knowledge, you get knowledge and skills and you come out of there with the ability to say ‘I can take this back to my facility and use this on a day-to-day basis.’”

Three events scheduled: The first is a one-day training session in Atlanta on Sept. 25. The second will take place in New York and another one-day session on Oct. 19. Finally, there will be both a one-day and two-day session in Washington D.C., Nov. 28-29.

For more information or to register for any of the events, please visit www.tvtechnology.com/cyber, or watch the video below.

The days of summer are almost over and many college students are on their way back to their respective halls of learning, ready to crack open the books and study up – eventually anyway. You don’t have to be a student though to take a few refresher courses. As the TV landscape seems to be in a constant state of motion, it certainly wouldn’t hurt broadcasters and engineers to be up to date on some of the industry’s biggest topics. Here are some subjects that TV professionals might want to study up on.

4. FCC Rules

Like history, the FCC never stops. All broadcast professionals must always keep a keen eye on the latest amendments to regulations, or whole new legislature. For example, the FCC recently announced an amendment repurposing broadcast television band spectrum for new wireless services that will alter the regulatory landscape for unlicensed white space devices and wireless microphones operating in the bands currently allocated for television broadcasting. Just when you think you have things down, the FCC offers something new for you to learn.

3. Single Frequency Networks

With the Television Spectrum Incentive auction currently slated for March 29, 2016, there’s a good amount of time to prepare for all the possible elements of the auction’s aftermath. One side of it that would be good to look into is Single Frequency Networks. With the amount of spectrum already shrinking, and even less likely to be available after the auction, SFN’s can potentially help broadcasters tailor coverage to a given market and minimize spill-over.

2. Cyber Security

Over the last year there have been a number of high-profile cyber-attacks against high-profile companies, and even our own government. As a result, the need for cyber-security has become a priority for many. But, as Forbes points out in a recent article, there are still many elements of cyber security that people need to become more familiar with. With the industry constantly moving toward more digital and IT technologies, people need to be sure they are on top of this potential threat.

1. ATSC 3.0

We’ve talked a lot about ATSC 3.0 already on both print and online, but it’s worth it. The next-generation broadcast standard is still in development, but it will have the biggest impact on the industry by far. In addition to covering many of the recent broadcast developments like interactivity, mobile devices and higher-resolution images, ATSC 3.0 also plans to be able to adapt to new technologies as they emerge. The suspected impact that ATSC 3.0 will have will force engineers and broadcasters to adapt too, and quickly, so better get a head-start now.