Media companies are doubly susceptible to supply chain cyber attacks from known vulnerabilities than other industries, according to a new study from BlueVoyant, a cyber defense provider and Top 250 MSSP.
Media Industry a Favored Attack Target
Media, in particular, rely heavily on third-party providers to produce, distribute and manage content, including vendors, service providers, partners and technology companies. Therefore, the extensive supply chain makes content providers particularly vulnerable to malware attacks, BlueVoyant said in its report, Media Industry Cybersecurity Challenges: A Vendor Ecosystem Analysis. Roughly 30% are vulnerable to attacks by bad actors in their publicly accessible, internet-facing platforms, the study said.
The study was led by Joel Molinoff, BlueVoyant vice chairman and former executive vice president and chief information risk officer for CBS, and Dan Vasile, BlueVoyant vice president of strategic development and former vice president of information security at Paramount.
Molinoff explained the challenges facing media companies:
"The media industry is facing many cybersecurity challenges — from content leaks that directly impact revenue, to cyber attacks on distribution channels, and ransomware. The report shows that media industry vendors are more susceptible to compromise than those in other industries. The silver lining is that the media industry can take proactive steps to improve its cyber defense posture."
BlueVoyant Advises Continuous Monitoring
Other key survey findings include:
- The percentage of media vendors susceptible to compromise is double that of a multi-industry benchmark composed of all companies monitored by BlueVoyant.
- Half of the most common media vendors providing content management solutions have been identified with potentially compromising vulnerabilities.
- Timely patching is a significant issue for the media industry, with 60% of identified vulnerable systems still unprotected six weeks after a patch has been issued.
"In order to improve their cyber defense posture, media companies should continuously monitor their extended vendor ecosystem, using analysis to prioritize mitigation of the most critical findings," said Vasile.
The highest profile cyberattack on media companies is still the infamous hack on Sony Pictures in 2014 that cost the studio millions.
