Facilities urged to step up security as IT breaches rise

Cyber-attacks are now an almost daily occurrence for broadcasters in the UK and US, but steps to safeguard against hacks within the rest of the supply chain are uneven at best, it has been suggested.

Mark Harrison, managing director of the Digital Production Partnership (DPP), said: “While there is a general sense in the supply chain that we all have to help each other, there are some critical infrastructure suppliers that have not adopted the kind of security measures customers would like to see. [They argue] that doing so would impact the performance of their tools or services.”

While reported breaches of digital security among London’s facilities are rare, PwC’s global State of Information Security 2017 survey found that the media and entertainment sector experienced a 26% rise in incidents last year, with resulting financial losses soaring by 81%.

Simon Miller, director at insurer Yutree, told Broadcast there had been “a big uplift in clients taking cover” in recent times. He said that more than one post-production house had come “close to losing their networks”.

“There are big concerns about cyber-security among the US studios,” confirmed Jellyfish Pictures chief executive Phil Dobree. “It’s like the cold war. As soon as you implement new things, someone finds a way around it.”

The biggest concern is denial of service, where criminals look to interrupt or shut down the networks that link facilities to the internet or cloud, possibly extorting a ransom to put it back on line.

“The average cost for a small business of a cyber-breach is £75,000 to £100,000,” revealed Miller. “If your network is down, there is immediate loss of trading revenue.”

In 2016, Doctor Who VFX house Milk, along with Double Negative, Framestore, MPC and Sohonet, collaborated on the Creative Industries Security Environment (CISE). The £740,000
project created an open-source toolkit and specifications for monitoring traffic in and out of facilities.

“The studios accept that a hack will happen at some point, and that nobody can stop it,” acknowledged Milk head of systems Dave Goodbourn. “Better monitoring means you will at least track the hack down before it gets any more serious.”