[BreachExchange] Media companies need to be hypervigilant about cyber security

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jan 25 18:42:29 EST 2019


https://techau.com.au/media-companies-need-to-be-hypervigilant-about-cyber-security/

In a world dominated by technology, all companies, regardless of their
sector now have a huge online presence. Alongside this, you’ll also find
that all companies now rely heavily on the internet for storing and sharing
information. Obviously, this can leave companies vulnerable to
cyber-attacks.

Recently it was flagged as one of the biggest risks to 2019, with the
devastating impact of cyber-attacks being compared to that of ecosystem
collapse. With these attacks encompassing everything from data fraud to the
breakdown of information infrastructures, it’s highly important that
companies take note sooner rather than later.

Media and Entertainment

However, cyber security for media and entertainment industries is seemingly
of higher importance than those in other industries. This is due to
companies within this sector being particularly vulnerable to cyber-crime,
with more than half of companies in the US experiencing three or more
attacks over the 12 months between 2017 and 2018.

Although it may seem US exclusive, cyber-attacks are something that can
affect companies across the world, regardless of location. However, they’re
all susceptible to the same attacks due to them having high profile
products, complex production prices, and a reliance on using outside
vendors. All of this coupled together work to create the perfect storm for
those looking to attack quickly and easily.

Cyber hacking for media and entertainment industries actually takes on
several forms, again making it much easier for those looking to attack.
These cyber-attacks include viruses, which is the most common form of
attack, followed by phishing schemes and then data breaches.

But one of the key issues when it comes to cyber-attacks within the media
and entertainment industry is the overestimation of security and the
underestimation of risks. It’s been found that multiple media agencies,
despite being attacked in the previous 12 months still thought that their
current protection was enough to keep them safe. However, it’s quite
obvious that those within the industry need to be doing much more to ensure
that they remain safe within the ever-changing world of technology.

Solutions and Policies

So what next for companies within the media and entertainment industry?
Well, there are a number of tips that they can use to help combat and
prevent cyber-attacks. These include:

Monitor social media accounts
This doesn’t mean the company’s personal accounts, but those of relevant
hacktivist campaigns. This will help you to find out if your organisation
has been included on a target list, which will allow you time to better
organise your defenses.

Monitor latest software vulnerabilities
You should pay particular attention to the latest updates of Flash and your
internet browser, to ensure your site is patched, and see if there are any
vulnerabilities within these. Failing to monitor these could leave your
company exposed to malvertising.

Monitor domains
Particularly the registration of typosquatted domains, as this will give
you the chance to have these taken down before they develop into a threat
for those using the site.

Be aware of ransomware
Make sure you’re up to date on all the latest ransomware targeting your
industry, what delivery methods are popular, and what CVEs they target. If
you do this, then you’ll be able to prioritise your remediation efforts,
ensuring you have regular backups in place, while keeping your staff
trained to identify such issues.

Monitor credential dumps relevant to company accounts
This will allow you to get additional monitoring for high-value targets and
non-enterprise accounts. Also, ensure that you have a password reset in
place.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20190125/ff3f01de/attachment.html>


More information about the BreachExchange mailing list