No business like show business: Cyber criminals target entertainment industry

Cyber security made show business headlines twice last week. The cyber security drama series Mr Robot won the Golden Globe Awards and CyberInt revealed that the website of dance music pioneer band Faithless had been hacked.

Show business has a growing reason to be nervous about the growth of cyber crime and the more nefarious parts of the Dark Web. As consumers shift from physical media such as CDs and increasingly seek online entertainment, the music and movie industries face a huge challenge. In order to deliver audio and video content to any mobile device while accepting online payment from millions of customers make them a prime target for cyber criminals.

There are now growing fears that next month's Oscar ceremonies may attract the attentions of cyber criminals. The Oscars have traditionally attracted the attention of digital movie pirates. Prior to widespread online distribution of video entertainment, the Oscar judges would be presented with a set of DVDs comprising all the Oscar inmates movies. As these were effectively digital master copies of the year's most successful films, the pirates found ways purloining these master copies.

Whether the weak link in Hollywood's security was one of the judges or a movie industry employee was academic. By the time the ceremonies were under way, Hollywood's prime content was already available on illegal bootleg DVDs.

Digital pirates' distribution channels better than bootleg DVDs

Today, the widespread use of the Internet means that digital pirates have distribution channels that are far superior to selling bootleg DVDs from a suitcase. Unless the entertainment and leisure industries take immediate steps to take cyber security beyond their normal perimeter, it can prepare to see its bottom line gradually eroded by cyber crime.

In the case of the Faithless website hack, the fact that the confidential details of 18,000 customers were available on the Dark Web was revealed by CyberInt. Recently, UK pub chain JD Wetherspoon became aware of a hack which exposed the confidential data of 657,000 of the leisure company's customers on the Dark Web when it was exposed by CyberInt.

The very nature of the leisure and entertainment industries makes them vulnerable to cyber attacks taking place outside their usual security perimeters. As consumers increasingly use Internet-connected devices to access music and video content, those creating the content find themselves increasingly reliant on third parties for distribution of music and video entertainment to as wide a customer base as possible. As the technology underpinning online music and video distribution is constantly evolving, cyber criminals and hackers are constantly developing new attack vectors.

Organisations which rely on third parties such as digital distributors to deliver the content to their end customers are increasingly vulnerable to cyber crime as entertainment increasingly goes online. Even if the content providers manage to secure their own IT security perimeters, the hackers will simply look for a 'back door'. Content providers should be aware of the massive potential risk presented by using a wide range of digital distributors and take steps to monitor activity beyond their usual security perimeters. Failing to do so means facing a twofold risk.

One is the risk of losing their content to cyber criminals. And once the content has been offered for sale on the Dark Web, it can be sliced and diced in any number of ways. The original content owner will then have no real chance of ever recovering the lost content or the profitability on which it was counting as the material will have quickly been scattered across the Internet.

Companies working within the entertainment industry also risk significant reputational damage when their customer details are exposed or put up for sale on a Dark Web forum frequented by Internet fraudsters. The company then has a huge debt to settle as its loyal customers are fleeced as a result of the entertainment company's ineffectual cyber security.

Online assets such as websites, social network accounts, blogs, DNS hosts and an array of others are the soft underbelly of any organisation's defense, They are, therefore, an increasingly vulnerable and popular attack vector. Current solutions are inadequate in preventing high-speed, opportunistic attacks that exploit their weaknesses and the 3rd party vulnerabilities that are the end result of today's interconnected world.

It is essential that organisations protect every online asset that lies beyond the perimeter from sudden and unexpected defacements, phishing attempts and other malicious activities.

Companies need to hire specialist advisers to provide constant monitoring of online assets enabling a timely and effective response to any malicious activity before it adversely affects the company's bottom line and causes irreparable reputational damage.

Elad Ben-Meir is VP of marketing at CyberInt

Image Credit: Shutterstock / CobraCZ