FEED Summer 2021 Newsletter

eoffrey Crespin came to the media and entertainment industry as an outsider, bringing with him years of experience in cybersecurity across multiple

sectors. As a result, he can give a clear-eyed, unsentimental assessment of how we are doing. “This industry is five or ten years behind compared to the traditional IT cybersecurity world,” he says. “It’s now just starting to realise that vendors and customers have to put cybersecurity measures in place.” Crespin worked as a cyber defence consultant for over a decade (with high-level clearance), for European governments, institutions and private companies. Over the years, he began to work for telcos including Proximus, Belgium’s largest mobile telecommunications company. He joined EVS as a senior solutions architect in the summer of 2020. As part of EVS’s new cybersecurity strategy, Crespin will help EVS customers address and prepare for every aspect of an ever-growing

attack also extended to other affiliated companies, including those providing tech support. “We have to be prepared. The attack surface is so large in these events and attackers try to exploit any existing vulnerability. It could be via a tech company or provider – we don’t know,” says Crespin. further enabled by new technologies. Part of his job at EVS is to assess the security of each of the company’s products. “There’s a big difference between now and ten years ago. We have more and more devices on the internet, as well as internet-facing applications. In the past, it wasn’t a NEW TECH, NEW DANGER Crespin notes that these threats have been

array of security threats. Making a difference is something that he is enthusiastic about. “EVS has a great plan for fixing vulnerabilities in broadcast technology products across the industry,” explains Crespin. FACING THE THREATS As the number of connected devices on a production grows – along with the number of people potentially able to access those devices – so does the cybersecurity threat. As we’ve seen

big problem, because things were connected between OB trucks via SDI cables, and the attack surface was very limited.” While a certain product or provider may have top-level security features, today’s workflows are inevitably made up of long chains. These chains are only as strong as their weakest link. Interestingly, Crespin sees no difference in cyber vulnerabilities between cloud and non-cloud workflows – the cloud is

THIS INDUSTRY IS MAYBE FIVE OR TEN YEARS BEHIND

over and over again, it only takes one person in an organisation to click a link or download a file to create system-wide chaos. Ransomware is still one of the most basic, and common, types of attack. “Ransomware can target anyone, not just the broadcast sector,” explains Crespin. “As soon as you expose a service or a server on the internet, you face those kinds of threats.” Broadcast, because of its power to affect and engage large audiences, has a special appeal for certain types of assailants. EVS customers working on global events, often being watched by billions of people, have to be meticulous about cyber defence. “We decided to provide cybersecurity services specifically for these types of events,” says Crespin. “They can be targeted by criminal organisations wanting money, but also by nation-state actors.” He points to a famous incident a few years ago, where the entire IT system of a global broadcast was taken down by a massive cyberattack on the first day of the event. The infrastructure had been infected by pernicious malware, ultimately forcing the event’s technology teams to close the whole IT system and restore it from backups. The

just one more network location. “When EVS provides a service, we put in place firewalls, switches and other types of servers, like streaming servers. We recently saw attempted attacks, which were blocked by our security products, trying to exploit vulnerabilities in firewalls. Then we saw the NSA had published an article about state actors trying to exploit this specific vulnerability, which we had spotted previously in our sniffer.“ He adds: “Bad actors aren’t just targeting specific products to attack them, they’re performing reconnaissance to learn what is vulnerable – and they try to exploit it. We not only have to be careful with our past products, but the complete workflow chain.” Crespin notes that cybersecurity is no longer just an option. It’s becoming an essential part of any broadcast-industry contract. Customers are now requesting their vendors are fully compliant with security standards – and if they aren’t, they will take their business somewhere else. “If a vendor isn’t compliant, they are out. That’s it. Customers have seen more and more cyberattacks, and have realised the impact.”

@feedzinesocial

Powered by