When the Disney+ streaming service went live on November 12, 2019, hackers immediately attacked many of the site’s users, taking over their brand-new accounts, logging them out of all devices, and changing email and password settings.
These hackers then offered the stolen accounts on hacker forums or sold them on deep web marketplaces for $3 to $11 each, according to security reporter Catalin Cimpanu’s ZDnet.com article, “Thousands of Hacked Disney+ Accounts Are Already for Sale on Hacking Forums.”
Users also flooded Disney+’s IT team with complaints about technical issues. Disney appears to have been unprepared for its own launch date, underestimating their service’s success. “The Mandalorian” alone (a “Star Wars” live-action series produced by Disney) instantly grabbed millions of fans the moment the app went live.
Strong security measures and protocols are imperative for online businesses, beginning as soon as they are made available to the public. Cyber security in the entertainment industry is especially crucial because of the volume of users who will utilize these online services. Obtaining an online cyber security master’s degree can make candidates more qualified and attractive for many of the more coveted cyber security positions.
Security Risks in Entertainment
As the entertainment industry continues to migrate away from broadcasting and DVD/Blu-Ray sales toward online content and streaming, the risk of hacking and its potential damage increases daily. Familiar risks, such as stolen credit card credentials and malware, mix with industry-specific threats such as pirated movies and hacktivism.
In 2015, for example, North Korea was implicated in the hacking of Sony Pictures Studios in an attempt to stop the release of “The Interview,” a comedy revolving around an assassination attempt on Kim Jong Un.
In “The Rise of Hacktivism,” Georgetown Journal of International Affairs journalist Dorothy Denning writes that the dangers of state-sponsored hacktivism are a growing concern, especially in entertainment where political ideologies and messages are often incorporated into movies and music.
So, which specific risks are the most prominent in the business of entertainment? D3Security Communications Manager Walker Banerd answers this question in “Hacking Hollywood: Cyber Security Threats in the Entertainment Industry” on his company’s blog:
- Leaked content: Insiders with access to not-yet-released content can leak files to file-sharing servers. Also, hackers can use spear-phishing techniques to trick high-profile entertainment personnel into divulging access credentials to secure databases and servers, revealing new music and movies to malicious actors.
- State-sponsored attacks: Entertainment corporations generally maintain significant pull on cultural trends and beliefs. Like the alleged North Korean-sponsored attempt to take down “The Interview,” state- or organization-sponsored hacktivism attacks can target controversial entertainment content.
- Public scrutiny: Leaked emails are common after successful hacks, but leaked emails and communications of celebrities are fodder for public scandal, media circuses and ruined lives. And a lot of leaked information can be taken out of context.
- Sabotage: Productions can be attacked and crippled by malicious actors for any number of motivations, including terrorism, religious fundamentalism, political idealism or simply a desire to spread anarchy for anarchy’s sake. Regular file maintenance and backups can reduce this type of attack.
“All of these threats pose a tangible risk to the financial, legal and reputational standing of entertainment companies,” explains Banerd. “In Hollywood, even the comparatively benign publication of private information, messages or images can have an outsized effect given the importance of brand, celebrity and professional relationships.”
Measures That Increase Entertainment Cyber Security Effectiveness
In 2017, HBO suffered a massive security breach to its servers, resulting in the cyber-pilfering of unreleased episodes of popular shows (“Game of Thrones” among the ripped content) and the exposure of sensitive internal documents.
“From knowledge as to the cause of the HBO attack as well as the extent of the breach, it can be inferred that practices and controls surrounding information access, access controls, identity management, desktop security and network intrusion monitoring and prevention…will be in the crosshairs,” writes Virtusa.com Vice President Robert N. Sutton in “Cybersecurity in the Media & Entertainment Industry: What’s New?”
As the risks associated with lax or incomplete cyber security efforts become more real and threatening in the eyes of entertainment company C-suites, executives are taking cyber security funding more seriously.
In a 2019 Media and Entertainment Tech Outlook blog post, “Media and Entertainment Companies Enhancing Their Cybersecurity Posture,” the news website presents several primary areas where cyber security measures are needed:
- Discovering and prioritizing assets: Each company asset needs to be analyzed and prioritized according to how they affect the business.
- Vet third parties: Strict rules and security requirements for third-party vendors should be in place to protect sensitive data to which the vendors have access.
- Safety measures: Every level of a company should have safety, security and monitoring measures in place, from internal networks to IT departments to mobile apps. Such security can prevent or reduce malicious insiders, denial of service attacks and theft of digital assets.
- Incident response plans: Cyber security departments and company management should regularly rehearse planned responses to breaches. Faster response times will lessen the amount of damage and compromised data caused by an intrusion.
For professionals considering corporate cyber security careers, the entertainment industry can offer a fast-paced, high-paying, challenging option. Experts with the skills to maintain the complex systems and safeguard the valuable and highly coveted digital assets inherent in this field can expect to be in high demand.
University of North Dakota’s Master of Science in Cyber Security Program
Choosing the right online cyber security master’s program is crucial. The best programs offer courses that keep current with today’s cyber security issues and concerns.
UND’s online cyber security master’s degree program is accredited by the Higher Learning Commission and ranked by U.S. News & World Report as one of the Top 25 Most Innovative Schools (2018), alongside such prestigious institutions as Stanford, Harvard and MIT.
UND prepares students for careers in cyber security with concentrations in Autonomous Systems Cyber Security, Cyber Security and Behavior, Data Security, and General Cyber Security. For more information, visit the program’s website.
Thousands of Hacked Disney+ Accounts Are Already for Sale on Hacking Forums – ZDnet.com
The Rise of Hacktivism – GorgetownJournalOfInternationalAffairs.org
Hacking Hollywood: Cyber Security Threats in the Entertainment Industry – D3security.com
Cybersecurity in the Media & Entertainment Industry: What’s New? – Virtusa.com
Media and Entertainment Companies Enhancing Their Cybersecurity Posture – MediaEntertainmentTechOutlook.com