Collins | Cybersecurity Is More Important Than Ever

Last month’s data breach to Capital One servers exposed the personal information of nearly 106 million of the bank’s customers and credit applicants. Unfortunately, such news items have become commonplace. While individuals’ information is often the target, there are also staggering potential financial consequences for the affected companies.

Media Finance Management (MFM) recently took a deep dive into the numbers, and preventative measures, during a recent webinar entitled Understanding Cybersecurity. The program was presented by WithumSmith+Brown’s Dale Tuttle and Anurag Sharma.

The numbers Tuttle and Sharma shared with participants were alarming. According to the Breach Level Index, 3.3 billion data records were compromised in just the first half of 2018 (before July’s Capital One breach). That equates to 214 records every second. Exposure of consumer information triggers specific (and expensive) responsibilities for companies affected. These statistics make it clear that companies must remain vigilant to both avoid attacks, and to mitigate the losses when attacks do occur.

Cybercrime Trends

While it’s probably not surprising that 56% of breaches are caused by attacks from outside the company, it is troubling to note that 34% happen accidentally. Current cybercrime trends include extortion-driven attacks, ransomware and targeted phishing. Cyber criminals have become adept at what is known as “spear phishing.” This type of attack begins with emails that appear to be from someone the recipient knows. Their aim is to get the recipient to send money, reveal confidential information, or even visit a website loaded with ransomware or other malicious software.

Ransomware attacks are on the rise and ransomware damages have increased 15-fold in the past two years. The criminals behind them seem to be equal opportunity crooks; small businesses are victims in about 50% of the cases. The Withum experts note that it takes an average of 146 days for a company to discover a breach. Even more alarming is knowing that, in more than half of identified cases, the first alert comes from law enforcement.

BRAND CONNECTIONS

Capital One is not the only global name to be breached. Other members of this infamous club include Marriott, Google+, Twitter, Amazon, Verizon, Boeing and Facebook.

Baltimore fell prey to a Robin Hood virus attack that is estimated will cost the city $18 million; the initial ransom demanded was approximately $76,000. Overall, the numbers are staggering with cybercrime damages expected to reach $6 trillion by 2021.

There are things companies can do to improve their odds against the increasing onslaught. The current issue of MFM’s member magazine, The Financial Manager (TFM), includes Patricia Andrews-Keenan’s summary of an MFM conference session on the topic. This article also features a sidebar with key takeaways from the presentation called, “The Cyber ‘To Do’ List.”

Session speakers included Greg Page from Tribune Publishing and KPMG’s Wayne Weaver. They observed that current cybercrime trends are revealing organizations’ cyber skills shortages. Given the escalation on the criminal side, companies need to speed their detection and intervention. Recommended approaches include automated detection processes using artificial intelligence and security orchestration, automation and response (SOAR).

Cybersecurity In The Cloud

Moving to the cloud may provide some cybersecurity advantages. According to the Withum experts, the determining factor is which cloud resources, tools, and applications the company chooses.

They identified three different options:

Virtual Machines in the Cloud (Infrastructure-as-a-Service)

Original cloud model rolled out by Amazon (AWS)
Cloud vendor provides servers that company configures and administers
Company puts its own applications on that virtual machine (with its own licenses)
Vendor provides the hardware and keeps operating system and other things it needs up-to-date (power, patches, network, etc.)

Applications in the Cloud (Software-as-a-Service)

Accessed via a URL (examples include Salesforce or Office 365 applications)
Company still administers users (passwords, permissions, etc.)
Functionality (what it does) is controlled by the provider

Services in the cloud (Platform-as-a-Service)

Cloud vendor provides company with things such as databases, search, and even artificial intelligence tools it can use (vendor owns, installs and patches)
Services are offered using a subscription model.

Who Is Responsible For Security?

The answer depends on who is providing the servers and the software. On-premise solutions require servers, application configuration, administrative functions and other attendant requirements.

In general, cloud-based systems mean the scope of an administrator’s responsibilities are reduced; the cloud provider takes on the security of the overall platform and typically, the security of the machines themselves in terms of keeping operating systems, anti-virus, and other supporting applications up-to-date.

Whether using a cloud solution or some hybrid of internal and cloud systems, companies must remain vigilant and make sure to implement best practices. The experts from Withum recommend:

Conducting cyber risk and phishing assessments.
Beating criminals to the punch with network penetration testing — using simulated cyberattacks to evaluate system security.
Preparing incident response plans.
Hiring or outsourcing someone to act as Chief Information Security Officer (CISO).
Purchasing a cyber insurance policy.

All of the recommendations above include additional costs. However, with the likelihood of a security breach at nearly 30% today, not including them in the budget may be a false economy.

Those interested may purchase a recording of the Understanding Cybersecurity webinar by contacting the MFM office at [email protected]. If you would like to read Patricia Andrews-Keenan’s article on the subject, “Defending the Realm,” an electronic copy of the July/August issue of TFM will be available on the MFM website for a few more weeks.

And please, plan to join MFM for Media Outlook 2020, Sept. 12, in New York City. Among our speakers will be Mary J. Hildebrand, partner, founder and chair, privacy and cybersecurity for the Lowenstein Sandler law firm.

Mary M. Collins is president and CEO of the Media Financial Management Association and its BCCA subsidiary, the media industry’s credit association. She can be reached at [email protected] and via the association’s LinkedIn, Twitter or Facebook sites.

Collins | Cybersecurity Is More Important Than Ever

Comments (0)

Leave a Reply Cancel reply

Stay Connected

Subscribe

Events

Streaming Revenue Strategies for Local TV 16 May 2024

Collaboration and News Production in 2024 23 May 2024

Media Jobs

Digital Platform Specialist

Account Executive – Trainee/New Business Development

Director of Sales

Reporter

Sales Manager, Senior Newscast Producer and Digital Video Producer

Executive Producer, Meteorologist and Weekend Anchor/Senior MMJ

TVN Video

NewsTECHForum 2023 Keynote Panel —Democracy, Technology, TV Journalism and the 2024 Election

NewsTECHForum 2023 - Chasing AI: Threatening or Enhancing the News?

NewsTECHForum 2023 - Adapting to a Culture of Continuous Crisis

TV2025 2023 - Collaboration and the Future of Content Creation

TV2025 2023 - Building a Breakout Hit in a Multiplatform World

Webinar: Tech Leaders on Trends in 2024

Talking TV: Emily Barr on Sinclair's Shuttered Newsrooms

TV2025 2023 - Station Group Leaders on the State of the Industry

TVN Webinars

All TVN Videos

Sponsored Content

Generate more ad revenue with sponsored UGC segments

Drive audience engagement with streaming weather

Navigating the AI revolution in media sales: challenges, trust and harnessing custom AI solutions

Megaphone TV launches new interactive sponsorship platform

Elevate your media sales game: embracing data for a competitive advantage

The 4 walls of television interactive sponsorship sales

The future of cyber insurance: Navigating the complex digital landscape

Why an alerting strategy will help win customers in a multi-platform world

Future-proof compliance with AI speech-to-text technology

Applied AI: An unseen revolution in local TV advertising

Real-time news polls have never been this easy

The year of getting everything connected

Local stations continue to see interactive sponsorship success

What the latest AI breakthroughs mean for live and archive content

How top broadcasters expand compliance logging to embrace OTT monitoring

Delivering creativity on budget and without technological constraints

Byron Allen: Too much talk, not enough action on advertising equity

Market Share

New Jobs Posted To TVNewsCheck

Winners Of The Florida Association Of Broadcast Journalists Awards

WLBT CSD’s Balancing Act For Commercial Production And Station Promotion

Special Reports

NewsTECHForum: The Complete Videos

In 2024, Spot TV Is All About Political

Updated Top 30 Station Groups: Nexstar Retains Top Spot, Gray Now No. 2 As FCC-Rejected Standard General Drops Off

Streaming Revenue Strategies for Local TV

16 May 2024

Collaboration and News Production in 2024

23 May 2024