One of the key topics discussed at this year’s International Broadcasting Convention (‘IBC2018’) was cyber security. Broadcasters were warned by cyber security experts (including Scott Borg, an international cyber security specialist who helped to devise and run national cyber security exercises for the US and Estonia) at the IBC’s Cyber Security Forum (the ‘Forum’) that they need to start having “brutally frank” internal conversations about the scale of the cyber security threat they face.
Broadcasters are particular targets for hackers and cyber criminals (so called “bad actors”) because their channels / networks can reach entire populations. While there are no easy solutions to what is a growing and continually evolving problem, the first step for broadcasters is to, at the very least, make it more difficult for a hacker to successfully infiltrate their organisation.
According to the Forum, one of the biggest threats to broadcasters is the failure of chief executives and senior management to properly engage in and invest the necessary resources to protect their organisations; the response is often to baulk at the associated costs, which usually comes at the expense of funding for marketing or other growth. A senior broadcasting executive in attendance at IBC2018 warned that at the top of broadcasting organisations “they understand, but do not appreciate” the scale of the risk of cyber-attacks which can be almost existential: “they tend to put it [cyber security] under something else,” he said.
The Forum heard that in order to combat cyber-attacks, “thoughtful risk assessment” is required, which must permeate to the top of an organisation. One simple and easily-implemented measure is for the senior management of an organisation to send a report (either weekly or monthly), setting out the three worst cyber-attacks against the organisation and how they were averted, in order to raise awareness. Non-stop education and the regular rehearsing of emergency plans is also vital. A leading Scandinavian broadcaster at the Forum warned that employees with weak passwords, using free wifi (e.g. in airport lounges, coffee shops etc.) can provide an easy “backdoor” to a broadcasting organisation’s IT systems.
In the UK, the National Cyber Security Centre has published ‘10 Steps to Cyber Security’ (click here). It is a useful guide for large organisations to help protect themselves against cyber-attacks and system compromises, and it provides:
- an introduction to cyber security for executive / board-level staff;
- a white paper that explains what a common cyber-attack looks like, and how attackers execute them; and
- 10 technical advice sheets for organisations to consider putting in place.
As cyber threats continue to evolve, the need for focussed risk assessment, increased executive engagement, continual education and higher spending to bolster security systems grows. Broadcasters have been described not just as organisations fighting on the front line of the cyber security battlefield, but as being “the battlefield itself”. It is therefore imperative that particular attention is paid to this issue moving forwards, and that staff at all levels actively participate in protecting their organisation from “bad actors”.