Protecting against the cyber-threat explosion – A report on the recent IABM cyber-security event
This report was written by Rob Ettridge, Chief Client Officer at Red Lorry Yellow Lorry
As Les Anderson, global CSO & vice president cyber-security at BT, succinctly put it in his keynote: “It’s too easy to do badness.” His opening line at the entertaining and informative IABM cyber-security event, held at the imposing BT Tower, set the scene nicely for the myriad cyber-threats every business is now facing. And Anderson knows better than most, having spent 16 years as deputy director at the UK’s intelligence and security operation, GCHQ, prior to taking up the security reins at BT.
Anderson highlighted that the cyber-attack vector global organisations are up against broadly fit into four key areas: hacktivism (hacking computers to disrupt services and promote political agendas or social change), nation state (disrupting critical infrastructure), criminal (including theft of IP, extortion or fraud) and terrorist (intelligence gathering and preventing acts of terror). The spectrum of attacks is mind-boggling, huge and increasingly varied – from global weaponised malware like Wannacry and Petya to IoT Botnets and DDos attacks to ransomware and phishing tools for criminal gain.
For the media and entertainment industry, the challenges are broadly the same as in any sector. Certainly cyber-security is high on the boardroom agenda for broadcasters, content owners and content distributors, according to recent IABM research. Anderson pointed out that it’s up to broadcasters to balance opportunity and risk – often two sides of the same coin. While digital transformation and service innovation drive new consumer offerings, with innovation also comes risk. It’s up to each organisation to work out where they sit on this spectrum of innovation and ease of use vs risk and security.
For BT, cyber-security teams are deeply embedded in the business to enable the organisation to operate effectively but also securely. An army of over 100 BT ‘white hat’ hackers do their utmost to break BT systems before evil forces can. Perhaps the surprising thing was to hear Anderson, a chief security officer, saying: “As a security team we act more as a guide dog than a guard dog – helping not hindering the business.” But it makes sense. For it to be effective, security has to work within the wider business context.
Highlighting the key cyber-security themes for 2018 as data security, cloud security and the growing sophistication of ransomware attacks, Anderson admitted that the insider threat is still top of the list. It’s the hardest area to control, employees either being careless with information and security or maliciously looking to leak or sell information. “Having paranoid vigilance helps,” noted Anderson.
John Dyer from Darktrace, a disruptive global machine learning company for cyber-defence, agreed about the insider threat. “It’s very difficult to protect from human fallibilities or failings,” he said. He also pointed to the growing complexity of cyber-threats from the new ecosystem businesses operate in – made harder from outsourced IT, SaaS, cloud, virtual supply chains, IoT, artificial intelligence and machine-on-machine attacks. He noted: “Legacy security is constantly outpaced and there has been an extraordinary explosion in the vulnerabilities of how we can all be attacked.”
The essence of Dyer’s engaging talk was all about the shift to self-learning, self-defending networks in a new era of cyber-threats. Darktrace is learning from the human body’s immune system and how it adapts to and beats viruses – replicating this ‘human pattern of life’ to use AI to predict, manage and prevent cyber-attacks.
Unfortunately no company is immune to cyber-attacks and the dangers will only grow, especially in industries like media and entertainment where companies have valuable TV and film content. The Sony Pictures hack back in 2014 proves the point. Broadcasters, content owners and content distributors need to work together and look carefully at their IT and content estates to see what is exposed. All the speakers agreed there is a huge need for education and training to help broadcasters proactively manage and protect their estates effectively and securely. As Jay Coley, senior director security planning and strategy at Akamai, summed up: “Media companies need to be constantly paranoid. But don’t let that paranoia hamper innovation.”
About Red Lorry Yellow Lorry
Red Lorry Yellow Lorry is a top 15 PR Week tech PR agency delivering b2b technology PR, customer and internal communications.
Click here to find out more about Red Lorry Yellow Lorry