BlueVoyant Analysis Finds Media Industry Impacted By Vendor Cybersecurity Challenges

August 22, 2022 | 3 min read

Joel Molinoff and Dan Vasille

Cybersecurity incidents, compromises, and security challenges seemingly affect all types of enterprises and industry segments. There are few sectors immune from cyber threats or attacks and security practitioners struggle to keep up with the ever-expanding threat landscape.

One industry that faces specific challenges is the media industry, which relies on a complex system of vendors to both produce and distribute content. Since the Sony compromise of 2014, major media companies have worked hard to improve their security postures, implementing tighter internal controls and following best practices. Yet content producers and others across the media value chain have increasingly come to rely on third parties — companies they need in order to create finished products — but have little control over or visibility into — from a security and risk perspective.

BlueVoyant’s new report, Media Industry Cybersecurity Challenges: A Vendor Ecosystem Analysis, analyzes the common vendors used by media companies and identifies specific risks associated with the media industry vendor ecosystem analysis.

In the report, we found that interconnected and overlapping virtual ecosystems create challenges for the secure production, distribution, and management of media. The industry is dependent on vendors, service providers, partners, and technologies ranging in size and cyber exposure. This results in a third-party ecosystem that is extremely fragmented and opaque, making it complicated to manage risk.

This led BlueVoyant to perform a cyber posture analysis of 485 commonly-used vendors in the media industry sector. For comparison purposes, we also reviewed the extended non-media focused vendor ecosystem so we could get a better grasp of the relative challenges.

In short, compromises and cybersecurity issues impact all segments of the media value chain, which is broken down in the report.

Although the media industry is challenged by the risks highlighted by this report’s findings, there are industry-wide initiatives under way to reduce risk throughout the production process. MovieLabs, a media industry consortium, has laid out a 10-year vision called the “The Evolution of Media Creation,” aimed at modernizing and improving the production process.

The MovieLabs initiative focuses on cloud-based production management, zero-trust security and software-defined workflows, all of which would help improve the overall security of media production and distribution, both within movie studio environments and those of their supporting vendors and partners.

BlueVoyant can also play a pivotal role. Our platform — particularly Terrain: SCD™ — identifies and assesses cyber risks using external data sources only. The platform identifies organizations’ internet-facing software vulnerabilities and other exploitable opportunities with techniques similar to those used by external cyber attackers while profiling prospective targets.

Additionally, the research looked at Zero Tolerance Findings, defined in the report as those vulnerabilities commonly targeted by adversaries that have a remediation (either a patch for a software vulnerability, or a configuration change for an IT hygiene risk) readily available and easily implemented.

There are more interesting findings, data points, and key recommendations within. Be sure to download the report today.

We will also be hosting a webinar at 10 a.m. ET/ 3 p.m. BST/ 15:00 CET on September 8 to discuss the report’s findings in further detail and to answer questions. Current clients, security professionals, and other parties are encouraged to register.

Joel Molinoff serves as Vice Chairman, Strategic Development Group at BlueVoyant. Prior to joining BlueVoyant, he served as Executive Vice President, Chief Information Risk Officer and Chief Information Security Officer for CBS Corporation.Dan Vasile is a BlueVoyant Vice President, Strategic Development. He previously served as Vice President of Information Security at Paramount.