1996 might seem a long time ago, but it’s when Bill Gates first authored an essay with three words that would come to define the modern age: content is king. While the media and online world has evolved hugely, the sentiment remains as accurate as ever.
Since that exact moment almost three decades ago, the rise and dominance of streaming services has revolutionised the media industry. But this revolution has also made it a hot target for cyber attackers. Amid an incessant battle for subscribers and soaring production budgets, attackers have begun targeting a dataset that is held in huge quantities within creatives, unstructured data. Often comprising media, audio and imaging content, this data is regularly targeted because it is difficult to store in simple secure filing structures, and vulnerabilities can be expansive.
The attack and seizure of this data can be truly catastrophic for media and entertainment (M&E) businesses. In a uniquely competitive landscape where success depends on fan demand, anticipation and sales, it is essential to protect the unstructured data businesses in the industry hold dear. And it comes down to a unique way in which this data must be stored, accessed and processed.
Why are studios under threat?
The M&E industry is unsurprisingly a high value target due to its worldwide reputation and enormous production and licensing budgets. Globally, the M&E industry is valued at $2.64 trillion, and is only expected to grow due to consumer spending trends and heightened audience expectations. In fact, by 2026, it’s predicted it could be valued at $2.93 trillion.
While the monetary value alone makes the industry a key target, the structure and working patterns of M&E businesses are also cause for concern. That’s because they often have large, distributed production arms, with studios around the world, comprising hundreds of staff all on various employment contracts. Many of whom will have varying levels of access to data, posing a risk to its safety. There is also the potential of discrepancies within privacy training and contracts, meaning not all employees will be in a position to understand the immense importance that information security plays in their roles.
What is at stake?
Media files stored as unstructured data pose a storage quandary for CISOs. These files need to be accessed quickly for editing purposes, but also require strong security controls. With a near-constant battle for convenient access within the creative flow, and security, this is a unique industry challenge. The vast quantities of data and diverse users mean it can be easy for hackers to avoid detection, gain insight or take control of this data.
That is a problem. Imagine if your favourite blockbuster or TV show was leaked ahead of time and fans were able to access versions through illegal means? These leaks put huge funds, jobs and even whole organisations at risk. The leak of 2014 World War Two drama, Fury, in 2014, for example, jeopardised its total $68 million budget and the film was almost denied release due to leaked communications from its director.
Potential attacks can even change the nature of fan relationships. To use music as an example, artists have previously been pushed to release material ahead of schedule, such as Harry’s House in 2022. While some artists or franchises have leagues of dedicated fans who will refuse to engage with illegally obtained material, depending on this is certainly not enough for a trillion-dollar industry that is made or broken by audience anticipation and engagement.
How do you keep data safe?
To protect the creative industries from attack, the best approach is threefold. Firstly, businesses must defend their data. Adequate defence is rooted in security software and effective protocols to protect data from external attackers. Essential data security protocols include end-to-end encryption for when it is sent between users, firewalls to defend against the likes of phishing and trojans and a minimum of two-factor authentication (2FA) for all users. An external service provider can help businesses understand how and where to implement these protocols.
Storage and who has access to the data is next. CISOs should limit who has access and keep it to essential personnel only. Having too many people will only make unstructured data more vulnerable. The business will also need to review how it is stored; if employees are working worldwide on one project, cloud storage may be the best solution for example. A tiered hybrid cloud system can be effective for organisations with swathes of unstructured data; this works by allowing data to ‘graduate’ through more stringent storage layers as it becomes more sensitive, without interrupting workflows.
Next, it is important to look at how employees are educated and trained in data security. It is well documented that employees are the biggest threat to information security. Every member of staff, whether permanent or freelance creators, must be instructed on how to properly store and protect the data they access. Everyone is responsible for security.
As with security protocols in all industries, they must fit within workflows or they won’t work. Security cannot be a blocker to essential creativity and project management, or workers will likely begin to cut corners and that crucial control will be lost. It’s therefore vital to engage staff in how they are interacting with security and continually monitor how they are impacting work day-to-day to ensure they are remaining both convenient and impenetrable.
That’s a wrap, but not quite
M&E companies hold incredibly valuable assets that make them a frequent attack target. Recent examples have demonstrated just how much is at stake, and how materials can be seized if unstructured data falls into the wrong hands. With criminals out to exploit vulnerabilities in unstructured data storage, a robust security strategy that balances protection and accessibility is a must. The approach must be specialised and evolve continuously across defence, storage and education, audiences are counting on it.