50% of the media vendors using CMS have vulnerabilities

Daily, we see breaking news stories about yet another company that has suffered a cyberattack, data breach, or fallen victim to ransomware. In fact, the rise of ransomware in the last couple of years has crippled organisations worldwide with the average ransomware pay-out reaching almost $250,000 in 2021, with some payouts exceeding $5,000,000.

BlueVoyant research reveals one third of media vendors susceptible to compromise

One industry that faces significant cybersecurity challenges is the very industry reporting on these incidents - the media industry. While every industry is struggling to protect their data and stay one step ahead of cyber criminals, media companies face their own unique challenges.

We recently published a report entitled: Media Industry Cybersecurity Challenges: A Vendor Ecosystem Analysis, which highlighted that one third of media vendors were susceptible to compromise via vulnerabilities in their internet-facing publicly accessible footprints. The research focused on Zero Tolerance Findings, in other words those vulnerabilities commonly targeted by adversaries, and their remediation, for example where there is a patch for a software vulnerability or configuration change for IT hygiene, both of which are readily available and easy to implement.

We assessed 485 companies in the media landscape, dividing these into two groups: top media vendors, and the extended media ecosystem vendors.

We also found that the percentage of media vendors susceptible to compromise is double that of a multi-industry benchmark composed of all the companies that we monitor.

Why is this industry so susceptible?

The media industry has very interconnected and overlapping virtual ecosystems which create challenges for secure production, distribution, and management of media. From concept to camera and from camera to consumer, media companies are dependent on vendors, service providers, partners, and technologies – more so than other industries. Their third-party ecosystems are particularly fragmented, and dependence on vendors varies enormously. This not only adds to the complexity of managing risk but also means that cybersecurity issues could impact any part of the supply or value chain.

The public nature of entertainment, film, and streaming makes their creators ripe for ransomware attacks and other cyber threats. After investing millions of pounds into the production of a film, these organisations are eager to protect their investment. An unauthorised online release can seriously damage box office sales, turning an expected blockbuster film into a mediocre event.

While other types of businesses can hide new product launches until they are ready for public release, entertainment studios begin publicising new movies and TV or streaming series long before production starts. Threat actors know about upcoming releases years before they are ready. This model gives criminals time for reconnaissance, allowing them to find vulnerabilities and selectively go after big films or shows. Specialised darknet forums and torrent sites are trading and distributing licensed, as well as unreleased content.

Also, media companies have had their distribution channels disrupted by other cyber attacks, finding themselves unable to deliver content to consumers. Ransomware, distributed denial of service attacks (DDoS), and other forms of disruption are also prevalent across the media partner and supplier ecosystem. It is far reaching, and we found that the digital supply chain is a common attack vector not only for the media, but across all related industries.

Taking a proactive approach to remediate attacks

There is a need to take a more proactive approach rather than wait to find out the business or one of its vendors has been compromised. Therefore, what actions can media companies take to better protect their content and systems? We recommend the following:

·        Identify and prioritise vendors, focusing on their criticality to content creation and delivery, access to critical systems, and importance to the business’ operations.

·        Continuously monitor the extended vendor ecosystem using contextual analysis to prioritise mitigation of zero tolerance findings. Simply relying on questionnaires or point-in-time scans and audits is not sufficient to reduce risks and prevent leaks or operational downtime.

·        Leverage platforms and solutions that proactively track how critical vendors are addressing externally visible critical vulnerabilities and misconfigurations; work with the vendors to reduce risk across the exposed attack surface.

A volatile, uncertain, and complex landscape

The volatile, geo-politically unstable and disruptive environment of the last few years looks set to continue. The media industry is a vital component of society, being responsible for the creation and distribution of news and content, used not only for entertainment, but also for much needed knowledge sharing.

Adversaries are aware of the value of this data and intelligence and are increasingly targeting this commodity. Therefore, protecting these content assets will be vitally important for an industry that not only reports on cyber attacks, but is now finding itself a victim.