In 2014, Hollywood heartthrob James Franco and well-known funny guy Seth Rogan released the trailer for their action comedy The Interview. The Sony Pictures movie satirized North Korean dictator Kim Jong-Un. In response, North Korea expressed their displeasure with the idea and threatened the United States. Kim Jong-Un himself went as far as to insult then-President Barack Obama with a racial slur.
In November of the same year, one month before the movie’s release, Sony Pictures was the victim of a massive cyberattack. The FBI blamed the attack on North Korea, who subsequently denied it. The incident created conversation in public arenas about cybersecurity in the entertainment world. Since then, other entertainment companies, notably HBO and Netflix, were also victims of cyberattacks.
As far as it has been reported, little has yet to be done by industry heads about this issue. As recently as 2018, it was reported that entertainment companies were some of the lowest spenders on cybersecurity around the world. This begs the question: how should the entertainment industry be protecting itself against cyberattacks?
Fishing Out the Phishers
Hollywood professionals need to be in the know about the most common types of cyberattacks. Some happen via insecure digital infrastructures, as well as those which result from human error. Within the production chain of a film, there are many weak spots that hackers can take advantage of.
Regarding human involvement, many cyberattacks happen due to the sheer amount of people involved in the making of a movie or television show. Phishing, typically hacking through digital communication such as e-mail, is an extremely common way for cyberattacks to take place. To tighten cybersecurity, individuals working on a production should be taught the following:
Vet suspicious email addresses, even if they claim to be from reputable sources.
Do not click on any URL that does not have HTTPS.
Do not open sensitive financial or movie data when connected to a public server.
On movie sets, there can be a large number of people, and it can be difficult to explain all of this to them. However, they should be made aware of the cyberattacks that might take place via social media use and smartphones.
This doesn’t let Hollywood off the hook, though. Production companies need to ensure their servers are secure. In an op-ed published by Variety on the issue in 2017, guest writer Emma Hopson-Hill wrote about ways that film production companies could tighten up their web security in general. She argued that all connections should be secure and that two-factor verification should be set in place as well.
Identifying the “Crown Jewels”
Even with the aforementioned precautions taken, hackers will continue to sharpen their skills. Additionally, human error is inevitable. Because of this, experts like Mike Loginov from Ascot Barclay Group told the International Broadcasting Convention (IBN) that entertainment companies should identify the “crown jewels” of an operation and put more resources into protecting them.
According to IBN’s summary of the conversation, hackers are more likely to attack the most convenient assets. Thus, the ones that are most crucial should be the least convenient to get ahold of. Within Hollywood, this may include personal and financial information, as well as major movie details.
This game plan can be utilized by other industries as well. Examine which assets and pieces of information are the most valuable. Rate them for how much damage would ensue if they were compromised. Guard those assets with appropriate measures.
Installing a Disaster Management System
If disaster strikes, there need to be measures set in place to reduce the amount of damage that could happen. For instance, in the Sony hack, one employee was reportedly asked “sorry, how much do we pay you?” when questioning the company about his lack of a paycheck. The organization had lost such an extensive amount of data that they couldn’t even determine how much they paid employees. A proper disaster management system can prevent such a scenario.
However, because advanced technology has made businesses more vulnerable to cybercrime, there need to be measures in place to ensure business can continue as usual. In the aftermath of a cyberattack, digital documentation and forms help with things like makeshift attendance sheets and other cloud-based means of communication. These things are necessary when working with actors and crew members. These backups should be part of your disaster management system, and they are handy should a network go down.
Once a disaster system is set in place however, it needs to be tested. In an article by Eastern Kentucky University, crisis simulation was a recommended part of cybersecurity: “Because threats are constant and evolving, testing [should occur] multiple times throughout the year.”
What Will Happen to Hollywood?
The last major Hollywood breaches happened in 2017 when new episodes of “Orange Is The New Black” were leaked in a Netflix attack and a script for “Game Of Thrones” was stolen from HBO. As recently as 2018, film production companies still showed negligence when it came to cyberattacks.
Unless the film industry starts to take cyberattacks more seriously, we may see more situations like that which affected Sony, HBO, and Netflix. Tightening security in production chains, protecting what’s most important, and setting up disaster measures should be high priority. Since these aren’t being taken seriously, it may only be a matter of time before we see another hack take place.
Image Source: Unsplash