CYBERSECURITY
and mega fans to foreign governments and political movements. One of the most high-profile cyberattacks on Hollywood took place almost a decade ago. In November 2014, at Sony Pictures, computers stopped working and social media accounts were hacked. In the following days, sensitive documents – including correspondence between executives – were made public, and unreleased film material was made available. North Korean hackers were blamed for the attack, launched, it was presumed, in retaliation for the release of the studio’s geopolitically controversial comedy The Interview . A few reputable experts doubted the North Korean angle, and some thought the hack and infodump were perpetrated by a person or persons inside Sony. But nobody knows for sure. Or if they know, they aren’t saying. That’s the scary part about cyberattacks: the invisibility of the attacker. The hack itself had been going on at Sony for quite a long time – possibly months. The hackers claimed they had downloaded many terabytes of files, and all of this happened with no one in the business noticing. The scale of the invasion is a detail some have put forward as evidence of an ‘inside job’. The hackers took their time to clear the shelves of everything they wanted. The Sony hack is far from the biggest cyberattack on the media and entertainment business, but it is often raised as a cautionary tale of how a
studio cybersecurity breach can turn business as usual into a corporation- wide disaster in a matter of hours. Ten years later, the film community has a much better handle on cybersecurity, along with most of the corporate world. IT PAYS TO BE PARANOID Most businesses don’t know they’ve been the victim of a cyberattack until it’s too late. But criminal activity is going on 24/7, with bots continuously scanning digital infrastructure and looking for vulnerabilities. The aggregate of any business’ vulnerability is called an ‘attack surface’. The attack surface of a golden-age movie studio was more or less confined to what went in and out of that front gate. But attack surfaces today extend to every device owned by the studio, its production companies, contractors and subcontractors, plus all their employees – no matter where they’re located. The most vital defence against cyberattack is to acknowledge that you are being attacked. In fact, as you’re reading this right now, bots are almost certainly probing your devices for vulnerabilities – like thieves trying every car door on the street, gambling that one of them might be unlocked. Sometimes a bad guy gets lucky. In the realm of cybersecurity, paranoia can pay off, but the issue with paranoia is that it’s the polar opposite of creativity. The industry must do a balancing act between protecting high-value assets across a huge attack surface while allowing maximum creative freedom, innovation and flexibility across the supply chain. The culture of the industry is such that, if you get a call from what sounds like the director demanding you send over all the previs work from yesterday, you’re unlikely to ask them to wait for the security protocols to be observed – much less demand they prove their identity. Security that adds friction to production will be hard to tolerate. PATCHING HOLES Almost everyone involved in a production is at some point in control of sensitive digital material. Your security system needs to make leaks impossible
THE SONY HACK IS FAR FROM THE biggest attack on the M&E business , BUT IS RAISED AS A CAUTIONARY TALE OF HOW A cybersecurity breach CAN TURN BUSINESS AS USUAL INTO A corporation- wide disaster IN HOURS”
78
DEFINITIONMAGAZINE.COM
Powered by FlippingBook