Production companies need to revise the way they access the internet or more major studios will fall victim to hackers because of web-borne attacks.
News of an unreleased Disney film (coincidentally about pirates) being held hostage by hackers marks the latest in many costly and embarrassing web-based attacks targeting content producers and their supporting vendors.
The causes of these data breaches have one thing in common: criminals gained unauthorized access via the web.
In the case of Sony, malware installed via an open port exfiltrated terabytes of sensitive data, including emails, contracts, and content. For Disney and Netflix, their breaches seem to have occurred because criminals targeted a production partner with weaker defenses.
Bottomline: The movie industry serves as another high-profile example of how valuable certain data -- in this case, intellectual property -- has become to criminal hackers and how easy it is to steal because of porous defenses.
Hackers thrive on Hollywood connections
Glitz and glamour aside, content producers are no different from other companies insofar as their operations depend on access to the web and working online with trusted partners.
From email apps to bookkeeping software to streaming video, the web now determines how most business is conducted - the movie and entertainment business included. But unfettered access to the web also leaves gaping holes for outside parties to attack.
IT professionals face the impossible challenge of opening up the network to important web apps like Office 365 while simultaneously keeping all dangerous content out.
Further complicating matters, malicious code can piggyback on approved channels, e.g. nefarious attachments enter the studio through corporate email. Malvertising can take over the browser when a studio employee simply visits a media site whose online ad network has been compromised.
Hello Hollywood, disconnect from the web…
So how can production studios protect themselves better? Could they disconnect from the web without forfeiting its advantages?
Many organizations have considered virtualization as a possible solution -- i.e. any time a user needs access to the web, they connect to a virtual desktop and access the web through an intermediary.
There are numerous DIY instructions available online, some dating back over a decade. The problem with such a solution are the costs. They can overwhelm even the largest organizations. License fees for Virtual Machine/s (VM) and the OS, hardware spend, and expenses for regular updates to keep images current add up quickly.
Even if an organization is willing to accept those expenses as the cost of doing business, it is still saddled with the vulnerabilities of a regular endpoint device and browser, albeit virtualized now. Even a virtual desktop can be infected with ransomware, with very real consequences.
...without losing access: enter Silo
Silo, the secure virtual browser developed by Authentic8, takes the best of virtualization and incorporates the benefits of the Software-as-a-Service model. Leading financial services providers, law firms and other security-sensitive organizations have chosen this "Browser-as-a-Service" approach to protect their digital assets.
Users get the security of a virtual browser running remotely. Administrators have a predictable cost model that includes maintenance and support. And online attackers don't get the red carpet treatment anymore.
This approach lets content producers tighten their network perimeter while still providing access to the web via Silo. With fewer authorized apps, IT can tightly monitor all traffic into and out of the organization, and the virtual remote browser isolates and neutralizes potentially dangerous web code outside the network before it can touch the local IT infrastructure.
We’ve seen other industries pass along tightened security requirements -- many banks now require their law firms to shut off the web. Movie studios are now passing along similar requirements to their various agencies and vendors.
With Silo, anyone can isolate the web from their network while still keeping their users secure and productive.
(no credit card required)