CIO

How the movie industry can fight the growing hacker threat

by Bea Alonso, Business Development Director, Media Logistics, Asia Pacific and Japan, Ooyala

Making a feature film or television series is an expensive exercise. Production costs and marketing can push even a modest project into the multi-million dollar category.

It's these costs, together with the need to recoup them through distribution deals, that have studios increasingly concerned about the threat posed by hackers. Stolen content posted on the internet can cause a drop in box office sales and a dip in television audiences.

The issue was highlighted earlier this year when a hacker dubbed the Dark Overlord stole multiple episodes of the hit Netflix series Orange Is the New Black and released them online after failing to secure a ransom payment. The cybercriminal has boasted of harvesting even more material from other studios.

Meanwhile, other hackers allegedly breached Disney’s film production unit and claimed to have obtained a major movie. They then threatened to release it if the studio didn't make a ransom payment. Disney, working with the FBI, ultimately determined that no hack had actually taken place; however, the event pushed cyber security high up the company's priority list.

Holding content hostage

Hacking might have been going on for decades; however, holding hacked content hostage is a more recent trend. The hacking of entertainment company Sony in 2014, ascribed to the North Korean government, seems to have marked a turning point. Attacks, whether via social engineering or unauthorised human intervention, are shifting up the content-handling chain and promise to become more expensive for content creators if they succeed.

Interestingly, consumers are not totally sympathetic to the plight of the industry. Industry research reveals around a third of consumers admit to watching pirated content and are unmoved by the potential financial damage it causes to studios.

Totalling the cost of piracy to content creators is difficult and industry estimates vary widely. There is widespread agreement, however, that the amount is in the billions of dollars each year.

What's not in dispute is that the impact is greater the further up the supply chain the piracy occurs. A single end user sharing a Netflix password costs the company $10 per month, whereas a single download and illegal posting of pre-released content could cost a studio millions in lost revenue.

Countering the problem

The risk is undeniable and content creators are constantly searching for ways to counter it. It's been suggested that studios and post-production houses should take their video assets offline and handle them internally via closed networks; however, this is not the best answer to the problem.

Putting aside the increased costs, in terms of both labour and delays in getting content to market, there are multiple reasons offline processing might only compound security problems. These include heightening the risk of data-entry error and introducing additional touch-points to the process that potentially increase the studio or post house’s vulnerability to an “inside job”.

Instead, the content community must think in terms of rigorous security procedures that are drummed into personnel, backed up by an audit trail that logs every person and event that touches a video asset.

Best practices

While nothing is 100 per cent effective against social-engineering attacks, following some best practices for security can reduce exposure. They include:

  • Ensure all connections are secure: Lock down all network protocol ports that are unnecessarily open. Know what is connecting to what and eliminate weak links in the chain. Surprisingly, there are still systems that use unencrypted HTTP rather than HTTPS.
  • Initiate two-factor authentication: Combining a password with a physical device or token is far more secure than using passwords alone.
  • Perform regular penetration testing: Check to make sure there aren't holes in the security perimeter. Regular testing is essential.
  • Consider DRM: Implementing digital rights management (DRM) in the production cycle can strengthen security and thwart illegal access and copying.
  • Foster discussion: Ensure everyone in the organisation is aware of security best practices. Traditionally, production teams have assumed cyber security is handled by the IT department; however, in this new environment, everyone needs to be aware of the risks.

Cyber crime is an issue that spans every part of the content lifecycle and no single organisation can solve it alone. However, having a heightened focus on process security will help keep movies and television shows as secure as possible. The result will be a more resilient industry better able to deal with the challenges of operating in a digital world.


