In Cyberspace no one can hear you scream –Cybersecurity in the Media and Entertainment sector

Why is cybersecurity critical for the Media and Entertainment sector?

The Media and Entertainment sector presents a complex but compelling target for cyber attacks.

Most cyber incidents affecting businesses are financially motivated which allows cyber defences to be built around a predictable threat vector with largely predictable threat actors. 

When it comes to Media and Entertainment the motivations multiply. The sector is still demonstrably an extremely valuable one and as such will attract the financially driven cyber criminals generally deploying ransomware as their poison of choice[1]. News such as ‘Avatar - The Way of Water’ costing in the order of $400m to film is never lost on the cyber-criminal fraternity. Bootleggers are also generally looking for financial gain but in a more oblique way through attacking and illicitly streaming content[2].

For the “Swifties” or Coldplay fans among us, the recent ticket sales debacles again highlighted the susceptibility of the entertainment – and in this case – live events industry to cyber menaces.  Scalper bots, deployed by cyber touts, imitate genuine fans to take up queue positions, buy tickets en masse and generally make it extremely difficult for anyone else to buy tickets first hand through authorised sellers.  This then paves the way for the cyber touts to resell the tickets at huge (illegitimate) profits to (the now desperate) fans, who may never, of course, see the genuine tickets or indeed attend the concert.  In efforts to “put fans first”, the UK government has recently (January 2025) put forward proposals to implement caps on the resale price of event tickets (30%) and the number of tickets that can be listed for sale by any one reseller.[3]   

In further cyberattacks/live events misery, Ticketmaster was publicly held to ransom last year by hackers alleging they had stolen data of 560 million of the site’s customers, demanding payment of approximately USD 500,000 to prevent the data being sold.[4]

If the above was not enough of a challenge, the mass audience of the sector draws the attention of a different crowd of cyber criminals – hacktivists and nation states. The hacktivists are looking to make a statement as loudly as possible[5] while nation states are looking to manipulate public opinion – whether to influence elections or to spread misinformation[6].

Large-scale live events (whether music concerts or sporting tournaments) are vulnerable to this new breed of cyber criminal, particularly given the reliance of those events on digital systems, data and technology (for example, the use of immersive event content, venue screens, mobile screens, digital scoreboards and live interactive broadcasts). Of course, the cyber criminals may choose to go the “traditional route” of stealing the personal or financial information of the attendees but could equally opt to cause high-profile chaos and reputational damage (to event holders, artists or even countries) by attacking the technology to disrupt and discredit the event.  As we discuss below, the risks can be mitigated by event hosts by assessing weak spots, bolstering defences, using secure systems and partnering with a reputable live event delivery specialist using robust technology.[7] 

The Media and Entertainment sector is multi-faceted and increasingly digitalised. The sector is highly fragmented with a myriad of specialist operators collaborating to deliver content. Having many small entities engaged in media and entertainment projects significantly increases the opportunities for attack and vulnerabilities to exploit. You are always as weak as the weakest link when it comes to cybersecurity and cyber crims are adept to finding the open side window as an easy alternative to breaking through the heavily protected front door. A memorable example comes from 2017 when a North American casino lost more than 10 GB of sensitive data when a hacker gained access to their system by exploiting a “smart” fish tank that was internet connected to permit remote management of the temperature, salinity and fish feeding. The fact that the data that underpins the sector is digitally stored and transmitted has increased the vulnerability to cyber attack. 

A proportionate approach to cybersecurity

The multiplicity of threat vectors and threat actors to the Media and Entertainment sector means that careful thought needs to be given to how to structure cyber defence in the sector. 

When it comes to cybersecurity it is important to follow the adage that ‘if you try to protect everything, you protect nothing’. Media businesses need to understand where the threats are coming from and what is at risk. The predictable set of Media business targets that the cyber crims are after include: 

That sets us off with the First Key Principle:

1. Identify your crown jewels and build your security around them

Next, it is important to marshal your defence resources against your most likely enemy bearing in mind the cost and challenges that the different flavours of cyber attackers have. The following table charts the main divisions of cyber attackers, what their usual motives are and their anticipated levels of sophistication: 

Depending on who you see as the most likely attack risk, you will need to deploy your security to meet their levels of sophistication. However, bear in mind that defending successfully against medium to highly sophisticated attackers may be beyond the capability and purse of most commercial organisations. The Second Key Principle then is: 

2. Deploy your defences against your most likely attackers

Cyber is a never-ending arms race with technological advances available for both sides of the line of righteousness. Standing still in cyber defence is never an option. The securing of badges showing cybersecurity, such as ISO 27001, while publicly demonstrating a good security-based mindset, can lead to dangerous complaisance – after all on how many days in the year (apart from on audit day) is an ISO 27001 accredited company fully ISO 27001 compliant? As an example of the cyber arms race, we are presently assisting clients involved in a number of deepfake, AI-enabled man-in-the-middle attacks where faked voice and video are fooling senior executives to make payments to fraudsters. The new panacea of AI works just as well in attack as defence. The Third Key Principle: 

3. Your defences need to flex and change continuously to meet the movements in the threat vector

Sadly, even the most sophisticated businesses with expensive and expert cyber defences get penetrated. On 4^th December 2024 U.S. Senators Ron Wyden and Eric Schmitt called for the Defense Department’s top watchdog to investigate the Pentagon’s failure to secure its communications from foreign spies, following the “Salt Typhoon” hack of major telecom companies.[8] If the Pentagon cannot keep Nation State hackers out what chance does a mere mortal have? The Fourth Key Principle is: 

4. You have to plan for a breach of your defences – so divide your cost and effort between security and incident response. How are you going to mitigate the effects of an incident?

Cyber Self-Help

While it suits many to promulgate the line that cybersecurity is intensely complex and as such you need to spend an indecent amount of money to have a chance of keeping the bad hats out, the reality is that a material level of cybersecurity can be achieved without moving mountains and without breaking the bank. 

Our previous article “Whisper it quietly - Cybersecurity costs a fortune. Or does it?”[9]  details twelve steps businesses can take at little or very affordable cost that will pay dividends in improving your cybersecurity and your resilience to an attack. 

Guidance and external help

There is no shortage of valuable assistance freely available on the internet. See for example the US’s NIST Cybersecurity Framework. There is also a swarm of cybersecurity gurus of all shapes and sizes who will be delighted to guide you. But beware as it is often the case of The Good, the Bad and the Ugly.

That said, if you would like to discuss cyber threats or cybersecurity (in the Media and Entertainment sector or otherwise), please do contact Simon or Saarah.  

[1]The Guardian Newspaper in the UK was hit with ransomware in December 2022. X was hacked in January 2023 by a hacker demanding a $200,000 ransom. 

[2]Way back in 2003, the “Hulk” movie was pirated and shown in an unfinished form estimated to reduce the value of the film on release by millions of dollars. The draft script of Spectre was stolen and leaked in 2014. Credential stuffing attacks surged in Covid. 

[3]Putting fans first: consultation on the resale of live events tickets (HTML) - GOV.UK

[4]Ticketmaster hit by data hack that may affect 560m customers | Cybercrime | The Guardian

[5]Sony Games were hacked due to discontent with Sony as a business in 2014. Virgin Media TV were hacked in February 2023 forcing certain programs off the air.

[6] In December 2023 Israeli media business Dori Media Group was hit with a data theft of some 100TB of data with the attack attributed to the (allegedly Iranian backed) hacker group, Malek Team. Western European countries have felt a surge in cyber interference with mass media reports in November 2024 for example, Russia ready to wage cyber war on UK, minister to say.

[7]The UK’s National Cyber Security Centre has issued guidance on how to assess the cyber security needs of major events - Cyber security for major events - NCSC.GOV.UK

[8]What to know about string of US hacks blamed on China

[9]Whisper it quietly - Cybersecurity costs a fortune. Or does it? - Bird & Bird