Three infamous media security breaches – and how to avoid your own

No business is safe from cyberattacks, but some industries are more vulnerable than most. Media is irresistible to cybercriminals. From Facebook to Sony, media data breaches have hit the news in the last few years.

Don’t be fooled into thinking that your small business is immune, however. Increasingly, post-production and media supply firms have been targeted as a less well guarded route into a lucrative supply chain or a big corporate. Lack of IT specialist staff, lower grade security systems, and less of a focus on good cyber practices for staff and freelancers add up to an attractive proposition for cyberthieves.

Why the media industry is at greater risk

Billions of people hold data with media companies. Facebook has more than 2.27 billion accounts alone, creating a huge surface area for cybercriminals to take advantage of.

Then there’s the fact that media corporates often rely on outside vendors and a complex supply chain. Even if the Netflix’s and BBC’s of this world are confident of their security systems, they struggle to keep tabs on how safe their supply chain is.

Learning lessons from the biggest breaches

What can small businesses learn from the very public data breaches that have affected media corporates? Here are three of the biggest:

1. Buzzfeed

Buzzfeed was hacked by ‘OurMine’ back in 2016. The group changed headlines to ‘Hacked by Ourmine’, added profanities and redirected some pages to their own website. Wired Magazine pinpointed the source of the attack back to a previous large-scale data breach that had exposed Buzzfeed staffers’ login credentials.

2. Sony

Sony customer accounts were breached by hackers in 2014, where personal data was accessed and wiped from their systems and staff found themselves locked out of systems with a grinning red skull image displayed. This also came with threats about attacking cinemas scheduled to screen the controversial film ‘The Interview’, forcing Sony to release the film online-only. Hackers then started to publish data online, including the salaries of over 10,000 Sony employees and film stars, and sensitive email traffic used by film executives – a breach that amounted to more than 100 terabytes of data.

3. DailyMotion

Video sharing site – and one of the most visited sites globally – DailyMotion was hacked in 2016. Russian hackers known as ‘Peace’ stole data from 85.2 million user accounts, including email addresses and passwords. Just last year, DailyMotion was fined €50,000 over the incident.

Common security issues

Despite the size of these businesses, the security issues are ones we see time and time again with our smaller media clients, including:

• Gaining access to multiple systems because staff have recycled passwords (i.e. used the same credentials for different logins)
• Companies are ill-equipped to deal with incidents when they happen, regardless of how well-documented their processes are
• Third-party suppliers and networks are an easy gateway into a bigger source of data, so cybercriminals will happily pursue smaller vendors.

How to protect your small media business

There are no easy answers when it comes to protecting your small business from cybersecurity threats. A good rule of thumb, however, is to only store customer data that’s essential to running your business, and giving the minimum amount of access to staff and freelancers. Less is more.

Outsourcing your IT to a team of experts is also one way of making sure you’re on top of the latest security threats – and have access to security systems that might not otherwise be available to a single small business.

At Marshall, we offer remote monitoring and everything you’d expect from an IT company – plus specialist services aimed at TV and film production. We’re not just saying that. With a pedigree working with production companies and post-production houses, we understand the unique challenges faced by media businesses. Contact us to find out more.