So far during 2021 two broadcasters have been hit by cyber attacks: Nine Network in Australia and Cox Media Group in the United States.
Of course, those are the two we know about. There could very possibly be others.
When a broadcaster is hit by a ransomware attack it can cause all kinds of disruption: newsrooms go offline, internal computer systems go down, streaming services can be impacted, and as broadcasters move towards a more IP-centric workflow a cyber attack could be devastating.
After the infamous Sony malware attack in 2014, when hackers released details of Sony Pictures’ employee details, film scripts and even unreleased films, many broadcasters took note and increased their own internal firewalls.
So, why are broadcasters suddenly under attack, and why now? According to Eric Bassier, senior director, product marketing at Quantum, it’s all about money. “Broadcasters have found new ways to secure profits from their programmes,” he tells TVBEurope. “This includes new forms of PPVs, new DVR services, in-content shopping, and live large-scale events, which draw in more viewers and profits. With this influx of money, it’s no wonder that cyber criminals are knocking at the door wanting a piece of the pie.”
He cites major events such as the Super Bowl and UEFA Champions League as potential targets. “With that many people involved in a project, spread across the globe and across different networks and systems, it’s natural for threat actors to take advantage of a backdoor attack. It only takes one weak link for the protective chain to break, and by then they’ve gained root access to the network and can initiate a denial of service.
“Public recognition is also a key motivation. Successfully penetrating a broadcaster’s network is akin to gaining the keys to the ‘public eye’ and forcing your hand,” continues Bassier. “News, sports, popular TV shows… these programmes draw in eyeballs, and there’s no better negotiating tactic than laying out your cards in front of millions of others, who now may not be able to watch these shows live. This puts all the risk back onto the broadcaster, who now must contend with public/industry opinion, reduced credibility, damaged reputation, and loss of time and money.”
So the question is, what can broadcasters do to secure themselves against such attacks? Bassier stresses the need to be proactive, not reactive. “One way is through the tried tested backup rule of 3-2-1-1, which means: 3 copies of your data, 2 different media types, one offsite, and one offline.” he explains. “The third point is behavioural, and it starts at the top by re-setting policies to get back online. A modern technology solution should also provide data ‘immutability’ to protect and recover your assets in the case of a breach and secure your data with a multi-layer technology approach. Remember, a virus cannot bypass a physical barrier formed between your data and the network. It is and will continue to be the most cost-effective form of ransomware protection.”
Bassier offers some practical tips to broadcasters or those working within a broadcasting system/network, on how they can take reduce the probability of a major shut down and the exfiltration of data:
- Ensure data won’t be compromised if a hack occurs
- Look at your backup strategy holistically across your entire environment
- Ensure you can recover; test, test, test your recovery method
- As soon as data fulfils its value in fast disk, tier it off to a cold data solution
- Think differently: Consider a multi-layer approach to protect and recover backups
- Prevent a hack before it happens
- Understand your risk profile and threat landscape
- Identify network entry and exit points
- Reduce the attack footprint/surface
- Harden your systems (shut down the ‘nice’ to haves)
- Disable services like RDP (gateways, ports)
- Boost awareness of social engineering tactics and defences
- Review your cyber-hygiene
- Update software regularly
- Backup regularly
- Regular scan for vulnerabilities
- Remediate your findings
-
Australia’s busiest newsroom abandoned due to suspected cyber attack
