Media & entertainment (M&E) and other companies face a constellation of escalating security threats in 2024, from ransomware and other malicious code to advanced persistent threats and ultra-advanced social engineering schemes.
But that doesn’t mean you should say no to the cloud and all its security benefits. Indeed, repatriating your data estate to on-prem systems can be a huge regression when it comes to keeping your data safe.
Keep reading to find out why and learn more about the best ways of protecting your data, no matter where it resides.
Table of Contents
- Notable Security Breaches in 2023
- Most Common Security Attacks & Rising Threats
- Should You Say No to Cloud Security?
- 7 Ways Companies Can Protect Their Data
- Regular Account Reviews
- Cloud Competence
- Password Management
- Mobile Device Management (MDM)
- Data Snapshotting
- Software Tools
- Having a Disaster Recovery Plan
- Conclusion
Notable Security Breaches in 2023
The most high-profile data thefts this year — in any industry — can be traced back to zero-day vulnerabilities in self-hosted file transfer platforms GoAnywhere, MOVEit, and Aspera.
In all three cases bad actors used these vulnerabilities to gain access and remotely execute malicious code (typically ransomware) on on-premises customer servers running these services. They threatened to publicly release reams of stolen information if ransoms weren’t paid.
These attacks affected many file transfer customers and their customers: the MOVEit hack alone has hit more than 2,600 organizations and 77 million people so far. And although it took place in May, we’re still hearing about organizations discovering they’ve been affected.
And though some organizations recovered fairly quickly from these incidents, others took several weeks to get back to normal.
Other notable security incidents this year included:
- A $100-million ransomware breach at MGM Resorts that encrypted more than 100 ESXi hypervisors, a type of virtual machine host.
- A $15M data ransom paid by Caesars Entertainment following the theft of its loyalty program database.
- A ransomware attack that claimed to breach “all of Sony’s systems”. Sony was separately affected by the MOVEit attack, along with being the victim of another major breach in 2011.
- Theft of nearly 100 GB of T-Mobile employee data that was posted publicly on hacker forums (reportedly via a breach of one of the company’s retailers). It was the second T-Mobile-related data breach of 2023.
- Nearly 40 TB of private data accidentally leaked by Microsoft’s AI Research Division.
- State-sponsored Chinese hackers eavesdropping on U.S. government agencies via a Microsoft cloud services vulnerability.
- A third-party vendor breach that compromised the data of around 9M AT&T customers.
- An SMS phishing-initiated breach at Activision, which occurred in December 2022 but was only brought to light in February.
The above list isn’t definitive; several other data breaches took place in 2023.
Someone leaked news of the existence of Shrek 5 earlier this year, for example, although it looks like that one was most likely accidental.
People are often the weakest link in any cybersecurity posture, after all.
Most Common Security Attacks & Rising Threats
Media organizations face a constantly evolving landscape featuring multiple threats. Here are some of the most common.
Ransomware and Other Malware
Most security experts consider ransomware to be the most serious threat over the next few years.
In M&E’s case, that’s because many organizations haven’t invested enough in remote security since the initial WFH migration during the pandemic.
For example, if staff use their personal device to remote into machines located inside a studio, and that personal device is infected with ransomware, the malicious code can easily find its way to studio servers. Before the studio realizes what’s happened, they can end up with giant infected sections of data on those servers.
Part of the risk stems from how virtual private networks (VPNs) are used by studios for remote work and file transfers, including allowing open access to the destination network. While many studios use protocols such as PC over IP (PCoIP) with VPNs, they don’t always implement proper security such as restricting accessible ports or subnets, or using a suitable PCoIP connection manager to route remote desktop sessions.
Full tunnel VPN without proper security precautions can result in malicious traffic being routed through the destination network and cause blacklisting and harm to a company’s public IP or DNS.
Advanced Persistent Threats (APTs)
APTs are sophisticated and sustained attacks where intruders gain access to a network and remain there, undetected, for a long period of time. During that time the attackers exfiltrate data in a sustained manner while infecting systems with malicious code.
Attackers can also set up backdoor access so they can re-access the network if the original attack is detected.
APTs are one reason why zero-trust environments have grown in popularity. Zero trust architectures hinder an attacker’s lateral movement within a network by constantly challenging users to authenticate themselves at every step.
While the GoAnywhere, Aspera, and MOVEit attacks have not officially been classified as APTs, the amount of time the attacks persisted — along with the fact that organizations are still discovering they’ve been affected many months later — are all hallmarks of this attack technique.
In a statement, MOVEit parent Progress Software identified the perpetrator as an “advanced and persistent threat actor” that “used a sophisticated, multi-stage attack.”
Social Engineering/Phishing
For ransomware or an APT to infect a system, it must first gain access — and that’s where social engineering and phishing techniques frequently come into play.
Unfortunately, these have become much more sophisticated with the advent of large language models and generative AI.
Some industry watchers noted an uptick in phishing schemes against major streaming platforms during the recent Hollywood actors and writers strikes. Cybercriminals now often use public directories, such as LinkedIn company pages, to identify employees and their superiors — and then attempt to impersonate the latter to gain information or access.
Bad actors also test their potential victims by asking them to respond first before doing anything else. That’s to help them find the easiest mark.
Credential Stuffing
Credential, or password, stuffing is another popular attack technique in the media industry. Cybercriminals harvest compromised usernames and passwords from databases on the dark web or elsewhere, then use those passwords to gain access to other sites or services.
The power of credential stuffing is such that your IT team can lock down your website or service perfectly, with no vulnerabilities or defects, and attackers can still get in by employing bots to reuse thousands of harvested passwords.
- Cybersecurity firm Security Intelligence says there was 45% year-over-year growth in credential stuffing attacks from 2021 to 2022.
- Part of that can be attributed to the fact that nearly 70% of people reuse their passwords on multiple websites.
Pro tip: Don’t do this.
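Because stuffing relies on breadth (many harvested username/password pairs, each tried about once) rather than depth (many guesses at one account), the signal a defender can look for in authentication logs is a single source trying many different usernames in a short window. The script below is an added example, not MASV’s code; the log format, the IP addresses (from the documentation ranges) and the thresholds are constructed for illustration.

```python
"""Spot credential-stuffing patterns in authentication logs.

Added example, not MASV's code. The log format below is constructed for
illustration; adapt the regex to whatever your identity provider emits.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source address cycles through many different
# usernames within seconds (stuffing); another retries a single account
# a few times (a typo or brute force, but not stuffing).
SAMPLE_AUTH_LOG = """\
2023-11-05T12:00:01Z ip=203.0.113.7 user=alice result=fail
2023-11-05T12:00:02Z ip=203.0.113.7 user=bob result=fail
2023-11-05T12:00:02Z ip=203.0.113.7 user=carol result=fail
2023-11-05T12:00:03Z ip=203.0.113.7 user=dave result=fail
2023-11-05T12:00:03Z ip=203.0.113.7 user=erin result=fail
2023-11-05T12:00:04Z ip=203.0.113.7 user=frank result=success
2023-11-05T12:03:10Z ip=198.51.100.20 user=alice result=fail
2023-11-05T12:03:40Z ip=198.51.100.20 user=alice result=fail
2023-11-05T12:04:05Z ip=198.51.100.20 user=alice result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_auth_log(text):
    """Turn each log line into a dict with a real datetime; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return events


def detect_credential_stuffing(events, min_distinct_users=5, window=timedelta(minutes=10)):
    """Flag source IPs that try at least `min_distinct_users` different usernames inside `window`.

    Returns {ip: {"distinct_users": n, "successes": [usernames the source logged into]}}.
    The successes are the accounts that need a password reset and session revocation.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev["ip"]].append(ev)

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end, ev in enumerate(evs):
            # Slide the window start forward until the span is at most `window` long.
            while ev["ts"] - evs[start]["ts"] > window:
                start += 1
            users_in_window = {e["user"] for e in evs[start:end + 1]}
            if len(users_in_window) >= min_distinct_users:
                flagged[ip] = {
                    "distinct_users": len({e["user"] for e in evs}),
                    "successes": sorted({e["user"] for e in evs if e["result"] == "success"}),
                }
                break
    return flagged


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect_credential_stuffing(parse_auth_log(SAMPLE_AUTH_LOG))


if __name__ == "__main__":
    for ip, info in run_sample().items():
        print(f"{ip}: {info['distinct_users']} usernames tried, successes={info['successes']}")
```

On the sample, only 203.0.113.7 is flagged, and the report names the one account it actually got into. The second source never trips the rule because it only ever touches one username; that is a different pattern (lockout policies and MFA cover it) and should not be confused with stuffing.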
Other common attack types include SQL injections, remote-access trojans, distributed denial-of-service (DDoS), brute force, and keystroke logging.
Should You Say No to Cloud Security?
The seriousness of this year’s attacks is compounded by the rising frequency of data breaches in the U.S. in general, which jumped 330% between 2011 and 2022. IBM’s 2023 Cost of a Data Breach report indicated the average cost of a breach in 2023 was $4.45M (a 15% increase from three years ago).
That’s got many companies wondering: Just how safe is the cloud? It has also helped spur the trend of cloud repatriation, which involves pulling data from the cloud back to on-prem infrastructure.
But while cloud repatriation is primarily driven by cost, security, and compliance considerations, many experts consider repatriation a huge step back when it comes to cybersecurity.
That’s largely because keeping the same level of security in an on-prem facility “can be a significant challenge,” argues Marcin Zgola, founder of cloud firm Nexthop in Forbes, “especially for companies with limited resources.”
Here are a few reasons why moving away from the cloud is a huge security risk:
On-prem systems provide an illusion of safety
As the self-hosted GoAnywhere / Aspera / MOVEit attacks demonstrated, on-prem systems often only provide an illusion of safety.
It may be comforting that your infrastructure is stored in a locked server room down the hall. You can even walk down the hall and put your arms around it, if you’re so inclined. But that doesn’t mean it’s secure.
That’s because installing outside software applications in an on-prem system means you’re automatically adding other people’s code — along with their dependencies and vulnerabilities — to your infrastructure.
Not only does that render any potential security benefits of a self-hosted system moot, it also means you may not even know you have a vulnerability until it’s far too late:
- Unless you’re going to build all the software you use yourself, you have no choice but to trust that third-party vendors and their dependencies aren’t going to open a backdoor to your physical premises.
- There’s only so much you can do to verify the details of a third-party vendor’s security posture; some of your software may use compromised services (like GoAnywhere or MOVEit) without you knowing it.
- Software vendors aren’t incentivized to spend billions of dollars keeping your on-prem system secure from their vulnerabilities.
- That means when you buy software, you automatically invite potential vulnerabilities and third-party risks into your physical infrastructure.
It’s also next to impossible to build security infrastructure anywhere close in effectiveness to that of major public clouds such as AWS, which are regularly tasked with protecting ultra-sensitive data for governments and militaries.
Most organizations on their own simply don’t have the resources or time for that. But it’s the bread and butter of public cloud platforms.
And when an attack does happen in an on-prem setup, you and your IT team are on your own to fix it — and administer a patch fix (which then needs to be implemented).
Cloud security is more robust and flexible
There are dozens of reasons why cloud security is more robust than anything you could ever build on your own.
Cloud providers are the industry leaders in security controls. Given the risks of a breach to their business model and reputation, they’re the most incentivized organizations to keep data safe and secure.
Major cloud services have several security advantages over on-prem setups, including:
- Built-in identity and access management (IAM) tools such as multi-factor authentication (MFA).
- Tools that provide deep visibility into potential threats such as monitoring, auditing, testing, and logging.
- Automated incident response tools.
- Automated patching, system updates, and redundancy to ensure high availability.
- More resources and time to keep physical data centers physically secure. AWS physical security, for example, includes in-depth site selection, professional security staff with surveillance and detection tools, and employee access based on the principle of least privilege.
- Event-driven automation for disaster recovery (DR) remediation if something does go wrong, and the bandwidth to handle DR activities (so your team doesn’t have to).
- Infrastructure-as-code (IaC), a huge advantage when managing cloud security and costs because it reduces human error and allows engineers to more easily scan and benchmark code for configuration errors early in the development process.
Cloud providers have several robust layers of recovery. S3 versioning allows companies to preserve, retrieve, and restore all versions of all objects stored across all of a company’s buckets, allowing for easier recovery.
Most public clouds also allow users to store data in multiple regions, so you’re sure to have copies of data in multiple physical locations in case of a catastrophic event.
7 Ways Companies Can Protect Their Data
Although cloud services aren’t perfect, it’s clear they have more resources available for data protection and recovery. But there are best practices companies can put in place to ensure the safety of their data in any situation.
1. Regular Account Reviews
Systematic and regular reviews of user accounts for suspicious activity are a must for all organizations, especially if you’re a customer of a breached organization, or you suspect you may be.
Analyze all user accounts for unrecognized usernames, by whom they were created, and when they were created. It’s also prudent to regularly check admin audit logs to make sure threat actors haven’t given themselves super user credentials, which can extend attack persistence and severity.
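The review described above (who created each account, when, and whether anyone has granted themselves elevated rights) can be automated over an admin audit log export. The script below is an added example, not MASV’s code; the JSON event format, the list of known administrators and the business-hours window are assumptions constructed for illustration.

```python
"""Review constructed audit-log lines for unexpected account creations and privilege grants.

Added example, not MASV's code. The event format, field names, the
"known administrators" allowlist and the business-hours window are
assumptions made for illustration.
"""
import json
from datetime import datetime

# Constructed sample: one JSON object per line, as an identity provider might export it.
SAMPLE_LOG = """\
{"ts": "2023-11-02T09:14:00Z", "event": "user.create", "actor": "alice.admin", "target": "bob.editor"}
{"ts": "2023-11-03T02:47:12Z", "event": "user.create", "actor": "svc-backup", "target": "support_tmp"}
{"ts": "2023-11-03T02:48:05Z", "event": "role.grant", "actor": "support_tmp", "target": "support_tmp", "role": "superuser"}
{"ts": "2023-11-03T10:05:00Z", "event": "role.grant", "actor": "alice.admin", "target": "bob.editor", "role": "editor"}
{"ts": "2023-11-04T23:59:59Z", "event": "user.create", "actor": "alice.admin", "target": "carol.colorist"}
"""

KNOWN_ADMINS = {"alice.admin"}                    # accounts allowed to create users / grant roles
PRIVILEGED_ROLES = {"superuser", "admin", "owner"}
BUSINESS_HOURS = range(8, 19)                     # 08:00-18:59 UTC; assumption


def parse_log(text):
    """Parse newline-delimited JSON into dicts, converting 'ts' into a datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return events


def review_accounts(events, known_admins=KNOWN_ADMINS):
    """Return a list of (target_account, reason) findings worth a human look.

    Checks: accounts created by someone outside the admin allowlist, accounts
    created outside business hours, and privileged roles that were self-granted
    or granted by a non-admin (the "gave themselves super user" case).
    """
    findings = []
    for ev in events:
        actor, target, kind = ev["actor"], ev["target"], ev["event"]
        if kind == "user.create":
            if actor not in known_admins:
                findings.append((target, f"created by non-admin actor {actor}"))
            if ev["ts"].hour not in BUSINESS_HOURS:
                findings.append((target, f"created outside business hours at {ev['ts'].isoformat()}"))
        elif kind == "role.grant":
            role = ev.get("role")
            if role in PRIVILEGED_ROLES:
                if actor == target:
                    findings.append((target, f"granted itself {role}"))
                elif actor not in known_admins:
                    findings.append((target, f"granted {role} by non-admin actor {actor}"))
    return findings


if __name__ == "__main__":
    for target, reason in review_accounts(parse_log(SAMPLE_LOG)):
        print(f"{target}: {reason}")
```

On the sample, the review surfaces the account created by a service identity at 02:47 that then granted itself superuser, and a legitimate-looking account created just before midnight that still merits a question. Service accounts that legitimately provision users should be added to the allowlist so the signal stays clean.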
2. Cloud Competence
Cloud providers can help guide their users but ultimately can’t stop them from making bad decisions: All it takes is a careless user to misconfigure a cloud storage bucket, and the chances of a breach climb exponentially.
A level of cloud competence is required to function well and securely on the cloud. A lack of cloud savviness can open your organization to massive cost overruns and major security issues, but many M&E and other organizations don’t yet have a critical mass of cloud competence.
Many M&E studios – which in many ways are like little technology companies – are run by non-technical creatives. That’s a very good thing when it comes to putting out quality product, but can create risk when it comes to technical cybersecurity.
3. Password and Identity Access Management
We can’t say this enough: Don’t include passwords in collaboration platforms like Slack. If cybercriminals infect your personal device with malware, they will almost certainly search your messages for mentions of passwords or other sensitive information.
And if that device is connected to internal or cloud systems…well, you get the picture.
Other password management best practices:
- Don’t repeat passwords from application to application.
- Don’t use easy-to-guess passwords.
- Use a password management tool so you can remember all those complex passwords.
You should also implement identity and access management (IAM) best practices, including multi-factor authentication (MFA) and least privilege permissions.
MFA protects against account takeovers by verifying a user’s identity through various methods such as security questions, SMS or email tokens, hardware tokens, or biometrics. The principle of least privilege (PoLP) ensures users only have access to the systems they need to do their jobs, and nothing more.
4. Mobile Device Management (MDM)
Speaking of personal devices, a major driver of ransomware and other malware-related attacks is lax bring-your-own-device (BYOD) policies.
Establishing a mobile device management (MDM) regime is a good way to guard against this by locking down all mobile devices that connect to internal or cloud systems, keeping them up-to-date, and ensuring older (and less secure) devices don’t get on the network.
5. Data Snapshotting
It’s imperative to regularly snapshot your data, which is more or less like taking a picture of your file system (allowing you to roll back to that moment in time if data becomes corrupted).
Some companies snapshot their data every hour (or even more frequently), with each of those hourly snapshots deleted after 24 hours to free up space. That’s combined with a nightly snapshot that’s kept around for a couple of weeks or even months for backup purposes.
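The hourly-for-a-day plus nightly-for-weeks scheme just described is a retention policy, and it is easy to get wrong by hand. The code below is an added example, not MASV’s code and not tied to any particular storage system; the 24-hour and 14-day windows, the 00:00 UTC nightly time and the snapshot inventory are assumptions constructed for illustration.

```python
"""Snapshot retention: hourly copies kept for a day, nightly copies kept for weeks.

Added example, not MASV's code and not tied to any particular storage system.
The 24-hour and 14-day retention windows, the 00:00 UTC nightly time and the
sample inventory are assumptions used for illustration.
"""
from datetime import datetime, timedelta, timezone

HOURLY_KEEP = timedelta(hours=24)
NIGHTLY_KEEP = timedelta(days=14)
SAMPLE_NOW = datetime(2023, 11, 5, 12, 0, tzinfo=timezone.utc)   # constructed "current time"


def build_sample_snapshots(now):
    """Construct an inventory: one hourly snapshot for each of the last 48 hours
    (49 including the current hour) and one nightly (00:00 UTC) for each of the last 30 days."""
    snaps = []
    for h in range(49):
        snaps.append(("hourly", now - timedelta(hours=h)))
    midnight = now.replace(hour=0, minute=0, second=0, microsecond=0)
    for d in range(30):
        snaps.append(("nightly", midnight - timedelta(days=d)))
    return snaps


def prune_snapshots(snapshots, now, hourly_keep=HOURLY_KEEP, nightly_keep=NIGHTLY_KEEP):
    """Split an inventory of (kind, taken_at) into (keep, delete) per the retention policy.

    Unknown kinds are kept rather than deleted, so a mislabelled snapshot can
    never be silently destroyed by the pruning job.
    """
    keep, delete = [], []
    for kind, taken_at in snapshots:
        age = now - taken_at
        if kind == "hourly":
            limit = hourly_keep
        elif kind == "nightly":
            limit = nightly_keep
        else:
            keep.append((kind, taken_at))
            continue
        (keep if age <= limit else delete).append((kind, taken_at))
    return keep, delete


def newest_restore_point(snapshots, before):
    """Pick the most recent snapshot taken strictly before `before`: the point to roll
    back to once you know when corruption (or encryption) began. None if nothing qualifies."""
    candidates = [s for s in snapshots if s[1] < before]
    return max(candidates, key=lambda s: s[1]) if candidates else None


if __name__ == "__main__":
    keep, delete = prune_snapshots(build_sample_snapshots(SAMPLE_NOW), SAMPLE_NOW)
    print(f"keeping {len(keep)} snapshots, deleting {len(delete)}")
    print("roll back to:", newest_restore_point(keep, SAMPLE_NOW - HOURLY_KEEP * 2))
```

With the constructed inventory the pruner keeps 25 hourly and 14 nightly snapshots and deletes the remaining 40. `newest_restore_point` is the piece that matters during an incident: given the time the damage started, it returns the last clean snapshot, which for anything more than a day old will be a nightly.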
6. Software Tools
Studios and other companies can use software tools like RansomWhere? or other anti-malware and anti-virus software to detect growing encrypted blobs on your system. Tools like RansomWhere? allow users to quickly block access to files if an issue is discovered.
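One heuristic that tools in this category can use (an assumption here, not a description of RansomWhere?’s internals) is byte entropy: freshly encrypted data looks uniformly random, so a file whose entropy jumps toward 8 bits per byte between two scans is suspect. The script below is an added example, not MASV’s code or RansomWhere?’s; the two in-memory directory scans, the file names and the threshold are constructed for illustration.

```python
"""Flag files whose contents turned into high-entropy (encrypted-looking) data.

Added example, not RansomWhere?'s code nor MASV's. The directory "scans",
paths and threshold are constructed in memory for illustration.
"""
import math
import random
from collections import Counter

ENTROPY_THRESHOLD = 7.5   # bits per byte; assumption, tune per environment


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or single-valued input, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def flag_suspicious(before: dict, after: dict, threshold=ENTROPY_THRESHOLD):
    """Compare two scans ({path: bytes}) and return paths that now look encrypted.

    A path is flagged when its entropy crossed `threshold` between scans, or when
    it is new and already above it. Files that were high-entropy in both scans are
    left alone: compressed media lives above the threshold legitimately.
    """
    hits = []
    for path, data in after.items():
        if shannon_entropy(data) < threshold:
            continue
        if path not in before or shannon_entropy(before[path]) < threshold:
            hits.append(path)
    return sorted(hits)


def make_random_bytes(n, seed=0):
    """Deterministic stand-in for ciphertext: a seeded shuffle of uniform byte values."""
    rng = random.Random(seed)
    buf = bytearray((bytes(range(256)) * (n // 256 + 1))[:n])
    rng.shuffle(buf)
    return bytes(buf)


SCRIPT = b"INT. STUDIO - DAY\n\nThe editor opens the timeline and ...\n" * 40

# Constructed scans: the script file became ciphertext-like and grew, the already
# compressed clip stayed high-entropy, and a new low-entropy text file appeared.
SCAN_BEFORE = {
    "projects/ep01/script.txt": SCRIPT,
    "projects/ep01/clip.mp4": make_random_bytes(4096, seed=1),
}
SCAN_AFTER = {
    "projects/ep01/script.txt": make_random_bytes(len(SCRIPT) + 64, seed=2),
    "projects/ep01/clip.mp4": make_random_bytes(4096, seed=1),
    "projects/ep01/README.txt": b"plain text note, nothing encrypted here\n" * 10,
}

if __name__ == "__main__":
    print(flag_suspicious(SCAN_BEFORE, SCAN_AFTER))
```

Only the script file is flagged: the video clip was already near 8 bits per byte in the first scan, which is exactly why a pure entropy threshold produces false positives in a media environment and needs the before/after comparison (or file-type awareness) to be useful.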
7. Having a DR Plan
If threat actors do manage to infiltrate your system, have a solid disaster recovery plan in place to determine the origin and severity of the attack. Who got infected first? What kind of access do they have? Where were they working from – home or the company facility? When did the attack first take place?
Having fast answers to these and other questions can help you quickly determine which data they may have accessed and mitigate the damage.
Conclusion
The ultimate lesson here is that M&E companies should always be a bit nervous — even paranoid — about security. But not because of the cloud.
As GoAnywhere and MOVEit clients discovered this year, on-prem setups seem safe because of their physical location but are actually extremely vulnerable to ransomware and other attacks delivered via third-party backdoors from software installations. And once your on-prem system is compromised, you’re on your own to deal with patching, updating, and recovery.
Cloud security is, on average, far superior to on-premises infrastructure because public cloud providers:
- Are industry leaders in data center protection, and are in the business of protecting data.
- Have far more resources to spend on the latest security tools and best practices.
- Are much more incentivized to keep your data secure than the third-party software you’ll inevitably use in an on-prem system.
Cloud platforms also have way more resources to assist with DR and other mitigations if something does go wrong.
MASV – which is a cloud business – keeps things tightly locked down through our layered security posture and AWS’s suite of security tools and features. Because not every file transfer platform has security best practices in mind, we’ve created a secure-by-design platform that’s easy to use, built for remote work, and offers enterprise-grade security as a standard feature – not an add-on.
MASV’s enterprise-grade security posture includes TLS 1.2 and AES-256 encryption, automatic patching and updates, and certifications (ISO 27001, SOC 2) and third-party audits from leading organizations such as the Trusted Partner Network (we have recently achieved Gold Shield status).
MASV also supports multi-factor authentication (MFA) and SAML-based single sign-on (SSO) to help prevent unauthorized access to your accounts and data.
Give MASV a try today and get 20 GB free – or 70 GB free if you sign up for a pay-as-you-go plan – and get a firsthand look at secure large file transfer.