Be Prepared To Manage A Cyber Attack

It’s not surprising that the agenda for last week’s NAB Show included several sessions focused on protecting stations against cyber-attacks. As NAB speaker Steve Weisman, a lawyer and college professor at Bentley University, pointed out: “When it comes to cyber security and the dangers of being hacked and suffering data breaches, things are not as bad as you think — they are much worse.”

Weisman, who has authored nine books on the subject, warned his NAB session’s attendees: “A data breach can result in embarrassing emails and documents becoming public or it can be much worse, as where your financial accounts can be jeopardized and the personal information of your employees compromised, putting them in danger of identity theft.” Several media organizations can already attest to Weisman’s warnings from painful first-hand experiences.

The other cyber-security sessions at NAB provided a deeper dive into the likeliest cyber threats facing broadcasters. They include: DDoS (distributed denial of service) attacks and unauthorized access — or theft — of licensed digital media assets as well as hacks into digital broadcast studios and transmission facilities.

Last year a terrorist group blocked TV Monde’s broadcast and, just a few weeks ago, hacks into the audio streams of several radio stations and a content syndicator resulted in the podcasting of offensive material.

Cyber breaches come with their own financial and operational considerations. MFM will be addressing these at our upcoming conference May 23-25 in Denver. Included in the agenda for Media Finance Focus 2016 are a keynote address along with a series of in-depth panel discussions on the topic.

We have also been addressing cyber security in our Localism events and sharing the insights from our presenters through our online forums, including Distance Learning Seminars and the “Front Office” columns appearing here in TVNewsCheck.

BRAND CONNECTIONS

A few weeks ago we were privileged to host a local event featuring Stephanie Yonekura and Clay James, partners at the Hogan Lovells law firm. Yonekura, whose background includes serving as Acting United States Attorney for the Central District of California, works in the law firm’s Investigations, White Collar and Fraud practice group and James’ litigation practice encompasses intellectual property issues and privacy and data security. The duo provided participants with a road map for developing an incident response plan for their organization that incorporates the following mileposts:

PRE-INCIDENT

Identify and prepare for the most likely incidents. This requires incorporating threat intelligence in a timely way in order to anticipate how you are most likely to be attacked and by whom. In addition to the types of hacks discussed at NAB, be sure to include the risk of ransomware attacks, which have also been on the rise.

Identify your response team. It should have core team members (IT, operations) and extended team members (legal, finance, communications,) as well as the backup required for ensuring 24/7 coverage. Develop and maintain the 24/7 contact lists as well as a clearly delineated list of the roles and responsibilities for each team member.
Document your response plan. The enterprise-wide plan can take the form of a core policy, one or more procedures, and a playbook. Individual functional groups including communications, legal and investor relations should develop playbooks to support the plan. Keep them short; a few pages are more likely to be read than a document that resembles War and Peace.
Identify external resources. This includes vetting and arranging in advance the specialized and supplementary resources that will be required, such as forensics/ technical vendors, identity theft/credit monitoring services, legal services and public relations consulting.
Rehearse the plan internally and externally. Regularly rehearse the enterprise-wide plan using real-life scenarios that would require the plan to be deployed. Organizations should also participate in industry-wide simulation exercises.
Keep the plan current. Regularly update your plan to reflect new insights and requirements.

DURING THE ATTACK

Contain and control the incident. Technical and other core members should lead the effort to isolate the breach and monitor and mitigate its impact. Rate the incident’s severity and escalate within organization as appropriate.

Work with law enforcement. Establish or supplement relationships with key law enforcement players and ensure company activities avoid obstructing law enforcement operations. Information from law enforcement can aid your company’s response to the attack.

Determine the scope and nature of the incident. Document how and when the incident occurred, including determining what information or systems may have been affected, and assess the risks and your remediation options.

Deploy your remediation and recovery plan. Ensure coordinated and appropriate reports to the company’s senior management and board of directors.

Assess your notification obligations. Review and analyze applicable regulatory notification requirements as well as requirements established by relevant contracts and other agreements. Review the agreements for the scope, nature, and timing of any breach notification obligations.

Conduct the notification process, if necessary. This will involve drafting, reviewing and issuing internal announcements, customer notices and FAQs as well as letters to law enforcement, business partners, consumer reporting agencies, regulators, and other third parties. Organizations are also likely to need call center scripts, website notices and media releases.

Coordinate the offering of remediation services. As soon as the organization knows how its customers or employees have been affected, required remediation may encompass offering credit monitoring and identity theft insurance.

POST-ATTACK PATHOLOGY

Using information gathered during the attack, the organization can identify how it occurred; measures that can prevent its reoccurrence; and changes to the response plan that may be required. The pathology may also involve cooperation between the company’s forensics vendors and law enforcement.

Unfortunately, containing the attack and eliminating the intruder is only the beginning of the post-attack process. It can also entail responding to litigation from customers, shareholders or other stakeholders. As we have seen in larger incidents, there can also be congressional investigations and inquiries as well as potential fines or penalties from the FCC and other government and state agencies.

These aspects of cybercrimes underscore how costly they can become. The latest annual cyber security study by IBM and Ponemon reported the costs to corporations averaged $3.8 million, a 23% increase from 2013 to 2015. And while companies ranked cyber-attacks as one of their top-10 concerns for the first time this year, the 2016 Aon Global Risk study found only 25% of those purchasing cyber insurance were confident their limits complied with best practices and standards governing information security.

Closer to home, the data explain why the Chubb, the only commercial insurer endorsed by MFM, and a leading provider of property and causality insurance for TV stations, is sponsoring our conference breakfast keynote by cyber security expert Jim Prendergast. A partner at the Lewis Brisbois law firm, Prendergast has represented clients that experienced national-exposure data compromises and can share real world learning from these situations.

In his keynote at the NAB Innovation Series breakfast, Shelly Palmer recalled the assessment of cyber threats by FBI Director James Comey when he told 60 Minutes in his first interview: “There are two kinds of big companies in the United States. There are those who’ve been hacked by the Chinese and those who don’t know they’ve been hacked by the Chinese.”

Whether it’s a government-sponsored program, a foreign criminal syndicate or a home-grown hacker, the end result is the same. A cyber-attack can mean significant and costly interruptions to business. Ongoing attention to security protocols, incident response and risk management can mean the difference between an incident that is merely annoying and moderately expensive and one with long-term consequences along with attention-grabbing headlines.

Mary M. Collins is president and CEO of the Media Financial Management Association and its BCCA subsidiary. She can be reached at [email protected]. Her column appears in TVNewsCheck every other week. You can read her earlier columns here.

Be Prepared To Manage A Cyber Attack

Comments (0)

Leave a Reply Cancel reply

Stay Connected

Subscribe

Events

Streaming Revenue Strategies for Local TV 16 May 2024

Collaboration and News Production in 2024 23 May 2024

Media Jobs

Digital Platform Specialist

Account Executive – Trainee/New Business Development

Director of Sales

Reporter

Sales Manager, Senior Newscast Producer and Digital Video Producer

Executive Producer, Meteorologist and Weekend Anchor/Senior MMJ

TVN Video

NewsTECHForum 2023 Keynote Panel —Democracy, Technology, TV Journalism and the 2024 Election

NewsTECHForum 2023 - Chasing AI: Threatening or Enhancing the News?

NewsTECHForum 2023 - Adapting to a Culture of Continuous Crisis

TV2025 2023 - Collaboration and the Future of Content Creation

TV2025 2023 - Building a Breakout Hit in a Multiplatform World

Webinar: Tech Leaders on Trends in 2024

Talking TV: Emily Barr on Sinclair's Shuttered Newsrooms

TV2025 2023 - Station Group Leaders on the State of the Industry

TVN Webinars

All TVN Videos

Sponsored Content

Generate more ad revenue with sponsored UGC segments

Drive audience engagement with streaming weather

Navigating the AI revolution in media sales: challenges, trust and harnessing custom AI solutions

Megaphone TV launches new interactive sponsorship platform

Elevate your media sales game: embracing data for a competitive advantage

The 4 walls of television interactive sponsorship sales

The future of cyber insurance: Navigating the complex digital landscape

Why an alerting strategy will help win customers in a multi-platform world

Future-proof compliance with AI speech-to-text technology

Applied AI: An unseen revolution in local TV advertising

Real-time news polls have never been this easy

The year of getting everything connected

Local stations continue to see interactive sponsorship success

What the latest AI breakthroughs mean for live and archive content

How top broadcasters expand compliance logging to embrace OTT monitoring

Delivering creativity on budget and without technological constraints

Byron Allen: Too much talk, not enough action on advertising equity

Market Share

Winners Of The Florida Association Of Broadcast Journalists Awards

WLBT CSD’s Balancing Act For Commercial Production And Station Promotion

WJZ’s First Hours Responding To Baltimore Bridge Collapse

Special Reports

NewsTECHForum: The Complete Videos

In 2024, Spot TV Is All About Political

Updated Top 30 Station Groups: Nexstar Retains Top Spot, Gray Now No. 2 As FCC-Rejected Standard General Drops Off

Streaming Revenue Strategies for Local TV

16 May 2024

Collaboration and News Production in 2024

23 May 2024