Magazine article Variety

Security Alert

Magazine article Variety

Security Alert

Article excerpt

A botched movie premiere. The leak of more than 170,000 emails and 30,000 internal documents. The resignation of a senior executive. Pirated recordings of at least three major motion pictures. The disclosure of 47,000 social security numbers, resulting in a multimillion dollar settlement. The Sony Pictures hack a year ago this month was Hollywood's worst cybersecurity breach on record.

But did it change how the industry is approaching security? Are the studios doing enough to prevent the next hack attack? Or is it just a question of time before we will see another incident of this magnitude?

One fact is indisputable: The Sony hack has gotten everyone in the industry thinking about security. "It was a wakeup call," says Bryan Ellenburg, who works as a security consultant for the Content Delivery & Security Assn., a trade association that performs security audits for major studios and their vendors. Ellenburg still remembers his phone ringing nonstop for weeks after the hack. "A lot of people were really freaking out at every level," he says.

The fact that other industries had major breaches of their own contributed to the sense of panic. Hackers were able to obtain 56 million credit card numbers from Home Depot just two months prior to the Sony breach, and close to 80 million people had their data accessed when health insurance giant Anthem was the target of a hack earlier this year.

Major incidents like these have led to a shift in attitudes toward security in the entertainment industry, argues Mark Lobel, principal at PwC. "It has gotten senior executives' attention," he says, adding: "We have seen the landscape changing."

Wynn Rees, VP of content security at 20th Century Fox, agrees that after Sony, it has become a lot easier to explain the impor- tance of security issues to upper management. "The Sony hack has helped us to remain vigilant," he adds. (A Sony spokesperson declined to comment when contacted for this story.)

Rees allows that Fox has had its own set of scares. In one incident, employees became victims of a phishing attack - an email meant to look like a legitimate request from a colleague or an industry connection, only to lead to a rogue website that siphons off personal data, gathers information about a company network, or aims to trick users into downloading malicious code.

The email in question is now part of the studio's regular security training for employees, which is meant to prevent future attacks. "You have to make people paranoid," Rees says. "Phishing is very dangerous."

Schooling employees about security should still be Hollywood's No. 1 priority, Lobel says. In today's world, that has to include not just email, but also social media. People post photos of their favorite food on Instagram, tell their Twitter followers of their current location, and let the world on Facebook know about their friends and family, he adds. That's especially true for Hollywood, where everyone networks and draws attention to themselves.

But living a life in the public eye can also provide ammunition for "social engineering," which is what security experts call the act of tricking people into revealing information that can subsequently be used to access secure networks. "We have seen nationstates do this again and again," Lobel says.

At the same time, studios have to find a balance between their security and the needs of their employees, Ellenburg notes. Giving every employee a new mobile device that's securely managed isn't cheap. "You have to have a degree of trust," he says. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.