In April 2015, the Twitter and Facebook accounts, as well as the TV5MONDE website were hacked shortly before 10 p.m. The hackers claimed to be from the Islamic State group and spread their propaganda messages through these channels before the accounts were taken over. It was the first significant cyberattack in France. At that time, large media companies suffered a few daily attacks whereas now they number in the thousands.

 

This year, the American group Sinclair Broadcast counts up to 20,000 attacks per day. In 2020, it was the M6 ​​group suffered a cyber-attack. The observation: the media are targeted by cybercriminals. It is in this context towards cyber risks that we organized a round table at SATIS 2022 on this subject. Here is our report.

 

During this meeting, we shared best practices in terms of data accessibility, secure remote work and hybrid-cloud storage.

 

1) HUMAN NEGLIGENCE

 

Media insecurity is mostly caused by human error, cybercriminals, technical problems, or natural disasters. Human negligence being number 1, poor management of your media can constitute a cyberthreat on its own, and can serve as a ricocheting doorway for cybercriminals.

 

While the market is changing, broadcasters must simultaneously train and educate their users since attacks generally occur because of errors by internal collaborators. Also, freelancers are sometimes overlooked in the training process despite their major role in the supply chain.

 

2) AUTORISATION AND ACCESS TO DATA

 

It is important to have a data access policy and to identify the levels of rights and define the audiences authorized to view, modify, or delete your media.

Be sure to adapt the level of training and awareness of your teams so that they are aware of the flaws and can act accordingly. The risk is all the greater when you use a hybrid-cloud solution where content can be accessed without restriction. Several tools can be put in place to meet this challenge:

• Logins (username and password)
• Watermarks
• Permission levels
• The use of a Media Asset Management
• Or an application developed internally

 

It is advisable to have a “zero-trust” approach. Don’t trust anyone, internally or externally. A single infection in the supply chain can impact production, service providers and distribution.

 

3) PERMANENT AUDITS

 

Audits provide visibility into who is accessing my content, who is using it, how and when. It is an effective solution to identify a problem or unusual use and solve it more easily.

 

In summary, to protect against cyberattacks:

• Install firewalls/antivirus
• Define conditions for transferring media via the cloud
• Build a data access policy
• Set up identification tools
• Train and sensitize your teams

 

No script is written. Considering all possibilities remains the key to dealing with cyberattacks.

 

READ: Mediakwest article