Verizon Media: Protecting your OTT streaming service from cyberattacks

The global video streaming industry is a multi-billion-dollar market that’s enabled streaming services of every size to succeed. Yet, with great success comes new risks and responsibilities. The rapid growth of streaming services means that they are now not only home to high-value content but, in some cases, data from millions of customers. Cybercriminals now see streaming services as a treasure trove and are eager to mine premium content and users’ data including, customer payment details, email addresses, physical addresses, and names. Inevitably, the more successful a streaming service is, the more personal data it has, which makes it an increasingly attractive proposition to cybercriminals because they have a greater surface area to attack. Growing pains in these organizations can lead to an increase in cyberattacks that take advantage of the vulnerabilities specific to OTT platforms and technologies.

Nobody understands the extent of cyber attacks better than Hollywood. During the recent launch of a popular streaming service, hundreds of thousands of users complained that they had lost control of their accounts. It appeared that a credential stuffing attack on authentication servers had put many customer accounts into the hands of hackers who attempted to resell access to the streaming service. This example illustrates that no service, large or small, is invulnerable to hackers’ increasingly sophisticated attacks. To shine a light on this pertinent issue, Verizon Media commissioned a survey in 2020, surveying security professionals at streaming and OTT service companies. Participants included broadcasters, publishers, studios, content owners, D2C platforms, aggregators, and sports leagues. The findings informed Verizon Media’s report entitled Protecting your OTT streaming service from cyberattacks, which examines the perspectives of technology executives responsible for securing over-the-top (OTT) streaming services. The report provides readers with a deeper understanding of the risks, the techniques cybercriminals use to exploit vulnerabilities, and the latest security solutions––and the emerging technologies confronting a new set of cyberspace challenges.

Every single streaming service has the potential to attract unwanted cyberattacks from cybercriminals. The most common cyber attacks include:

• Application attacks: cybercriminals exploit vulnerabilities in the application architecture and software code that may or may not be publicly known.
• Distributed denial-of-service (DDoS) attacks: these types of attacks use artificial traffic to disrupt a site or service, making it inaccessible or slow to respond to legitimate users.
• Credential stuffing: hackers exploit the fact that people tend to use the same username and password combination across multiple accounts. In such an attack, the hackers can buy huge lists of stolen credentials from the dark web and use automation to try each one to gain access to the target service.

Although these attack types differ, they are often used in a coordinated fashion. Our survey found that most streaming services have probably already suffered from one of these security breaches:

• 80% of our survey participants said they are not prepared for DDoS and Application Attacks
• 50% said security breaches had degraded their service’s user experience,
• 30% of respondents said a security breach that had caused a service outage
• 14% said of respondents said their content had been misappropriated

It is not surprising that few respondents felt fully prepared for a security breach. Cybercriminals are rapidly evolving their approaches and tactics in their pursuit of premium content and customers’ data. Consequently, cyberattacks are increasing in severity and frequency and the survey reflects the market’s vulnerability. Even those streaming services with a robust defensive solution in place must continue improving and evolving their defensive stance because cyber attackers will continue to look for vulnerabilities relentlessly. Companies can keep pace with the increased sophistication of cyberattacks by adopting more cloud-based solutions. Our survey found that 30% of participants are planning to move cloud-based security solutions in the future to help minimise security breaches. Moving more solutions into the cloud and CDNs provides streaming services with greater scalability and reliability and lower operational costs than on-prem solutions.

Advancements in technology mean that cybersecurity has become a high-tech game where criminals innovate their attacks faster than most IT organizations can adapt their defences. The days of implementing solutions using a whack-a-mole approach and focusing on one cyber defence while ignoring others are over. Hackers use multiple attack approaches, and there is little point in closing one security hole if another is left open.  Streaming services need to work with security experts to identify gaps between their security priorities and their preparedness, evaluate new security approaches, and then leverage a coordinated set of cloud-based solutions that work together to bar all entry points.

Download this report to benchmark your streaming service’s security preparedness compared to your peers’ and use the data to examine risks and actions you can take to protect your content, user data, and reputation. Cybercriminals are always looking for new ways to undermine your business, and the best line of defence is to take a comprehensive and coordinated approach to cybersecurity solutions. The report can be downloaded at https://www.verizondigitalmedia.com/report/ott-security-report-2021

Search For More Content