By Shirish Nadkarni
Does anyone remember Kevin Mitnick, the world’s most famous hacker? The man was an American convicted hacker before he reformed and became an author, public speaker and successful computer security consultant.
In 1995, he was arrested for various computer and communications-related crimes and spent five years in prison after being convicted of fraud and illegally intercepting communications. Law enforcement officials convinced a judge that he had the ability to "start a nuclear war by whistling into a pay phone".
After his release from prison, he ran his own security firm, Mitnick Security Consulting, and was also involved with other computer security businesses, being part owner of KnowBe4, provider of an integrated platform for security awareness training and simulated phishing testing.
Mitnick died of pancreatic cancer in July 2023 at the age of 59, but his work in cybersecurity lives on after him through his wife who took over the business and continues to provide businesses with cybersecurity services of top order.
Today, cybersecurity for broadcasters, especially those creating news content, faces a double whammy. The rise in remote and cloud workflows means that security must now be applied on-premises, in the field, and at home. Then there is the increase in cyber breaches, ransomware, and other attacks, making security even more complex and critical.
Media consumption patterns have significantly shifted to hyperconnected and multi-platform media ecosystems, pushing media enterprises to adopt production and distribution strategies that reach diverse audiences. Broadcast media enterprises have developed a variety of Internet Protocol (IP)-based content delivery systems to build these new media ecosystems, but in doing so, have also opened the door to more threats at every stage of broadcasting, from media production to consumer experience.
Businesses that are collectors and storers of data on a grand scale are especially ripe for targeting, according to IBM president and CEO, Ginni Rometty. “Cybercrime,” she said, “is the greatest threat to every company in the world.”
Cybercrime costs are projected to reach US$14 trillion in 2026, with the average breach costing individual companies $4.88 million. Projections estimate that cybercrime may cost $23 trillion worth of damage by 2027. Cybersecurity companies are using advanced technologies like AI and machine learning to combat threats, with many specialising in network, cloud and access security to protect businesses.
Paradoxically, adding to the complexity of the piracy and hacking problems is AI, which has become increasingly common in attacks. In fact, according to Capital Technology University, around 40% of all cyberattacks now leverage AI in several devious ways. Some of the most common include developing believable malware, generating spoof messages and automating password exploitation.
Fortunately, many cybersecurity companies are leveraging the very same technology to provide better and faster security for organisations. As many as 44 known and recognised companies in the field of cybersecurity try to keep their clients safe from attacks by cyber pirates who are always innovating new ways of getting past their victims’ defences.
For cybersecurity in broadcasting, there are companies like Nagra and Irdeto offering specialised digital rights management (DRM) media protection, while companies like IBM, TCS, HCL, Wipro, Palo Alto Networks and Fortinet specialise in network/endpoint/cloud, broad enterprise security and integrated solutions.
Firms like Lumifi and Avid focus on broadcast workflows, content protection, and 24/7 monitoring, securing IP, preventing piracy, managing threats, and protecting streaming and production systems.
Avid builds security into media workflows (Secure Software Development Life Cycle, or SSDLC), protecting content from design to delivery, which is vital for broadcasters. “We place a paramount focus on security to protect our customers and employees, and the community,” said Shailendra Mathur, Vice-President of Architecture & Technology.
“The rapid growth of the content creator community and the growing decentralisation of the workforce present an escalating challenge encountered by all security teams, particularly considering the recent COVID pandemic. The ability to provide secure channels for organisations to collaborate is critical to supporting timely delivery of content to consumers.”
Basic security mechanisms must be in place regardless of whether an organisation is a post house, a news group, or other media company. But the needs of news organisations differ from others. News, by definition, is distributed, collaborative, happens fast, in real-time, making remote cybersecurity for broadcasters even more critical than in other media segments.
“There cannot be too many constraints on the workflow, so the security constraints have to adapt to the workflow,” Mathur explained. “You can’t ask a journalist to work only inside a facility. You must have mechanisms where they can securely bring content in from wherever they are.”
Also unique to news is the ability to authenticate news and detect fake news. According to Mathur, it is an accepted paradigm that it is now easier to authenticate a reliable news source than to verify whether it is fake.
“There have been methods of establishing provenance using invisible watermarking in our products and workflows that are available through some of our technology partners,” Mathur said. “There is a need to establish provenance and authenticity of content other than video and audio, like text-based stories and scripts.”
Towards that end, media industry vendors, including Avid, established the Coalition for Content Provenance and Authenticity (C2PA), to create a mechanism to validate content.
“Cyberattacks are a worry for everybody, not just news organisations, although they are a bit more vulnerable than post- production facilities because of their remote workflows,” Mathur commented.
“The top one has been ransomware. We have unfortunately seen post and news broadcast enterprises affected. Apart from prevention tools, these enterprises are also putting in recovery mechanisms using our products such as MediaCentral | Sync to back up their assets and content for disaster recovery purposes.”
Several distinct security approaches help media companies protect their assets. “Some security compliance standards we and our customers like to use follow the maturity-based model using checklists and best practices.
“While we must make every part of our operations and products mature when it comes to cyber-security threats, the risk-based approach allows us to prioritise the efforts.”
When customers detect vulnerabilities in their environment, Avid acts. The company posts a regular security bulletin informing customers of any changes due to new vulnerabilities that may have been discovered in its products or independent operating systems.
“Being one of the leading vendors in our segment, Avid has a responsibility to ensure that our products are built with security embedded and by design,” said Tom Sharma, Avid’s CTO. “The same goes for our organisation, which in the last four years has grown its cyber security posture and maturity as part of an established information security programme covering both enterprise and product security.”
Media organisations are implementing a variety of security tools and processes with new options being introduced. The use of traditional network security like VPNs rose in popularity during COVID as more people went remote and continues today.
“Encryption converts data into a coded form that can only be accessed with a decryption key,” added Sharma. “Well controlled identity management and access controls provide granular access to systems and content.
“Multi-factor authentication goes beyond traditional password control to increase verification of identities. Single-Sign-On makes it convenient to reuse authentication across multiple systems and applications. Watermarking embeds unique identifiers into media files to identify unauthorised distribution or piracy sources.”
Cybersecurity for broadcasters is a shared responsibility because it involves multiple stakeholders, including media organisations, content creators, and technology providers. Each one has a role in ensuring media workflow and content security.
“The cloud offers significant advantages for solving long standing information security challenges,” said Muhammad Malik of Information Systems Audit & Control Association (ISACA), a global professional association formed in 1969 to focus on IT governance, security, assurance, risk, and control.
“In an on-premises environment, organisations likely have unmet responsibilities and limited resources available to invest in security, which creates an environment where attackers can exploit vulnerabilities at all layers. In today's digital era, where technology is an integral part of our daily lives, the importance of cybersecurity cannot be overstated.”
With over 170,000 members worldwide, ISACA brings together professionals from diverse industries united by the common goal of excelling in the digital age. Their focus is on providing knowledge, resources, and practical guidance to ensure the security, privacy, and resilience of critical information and infrastructure.
The broadcast industry has found a few cybersecurity companies that can be counted upon to deliver the goods. Among them are Palo Alto Networks, Fortinet, Cisco, Trend Micro and Sophos, which offer firewalls, network security, endpoint protection, and cloud security.
CrowdStrike, Symantec, McAfee and Rapid7 provide endpoint detection, vulnerability management, and advanced threat protection. Cloudflare offers DDoS mitigation, network security, and web/application security. Snyk, Rubrik, Verimatrix, Rapid7 and BAE Systems operate in the same field.
Paladion Networks specialises in Managed Security Services (MSSP), Security Information and Event Management (SIEM), and cloud security for broadcasters and media. The Indian environment is dominated by Tata Consultancy Services (TCS), Wipro, Infosys and HCL Technologies, which offer comprehensive managed security services, threat hunting, and incident response, often with dedicated Fusion Centres.
Palo Alto Networks is a cybersecurity company that has soared above many others in the space of just two decades. Founded in 2005 and headquartered in Santa Clara, California, the company is known for its AI-driven, platform-based approach that integrates next-generation firewalls, cloud security (Prisma), and security operations (Cortex) to protect networks, clouds, and endpoints from modern threats.
The company has been transformed from its initial style of offering point products to a comprehensive platform, consolidating security data and providing AI-powered threat prevention for enterprises and governments worldwide.
“Our mission is to be the cybersecurity partner of choice, protecting digital life with continuous innovation in AI, automation, and analytics,” said Meerah Rajavel, Palo Alto’s Chief Information Officer. “In essence, we provide a broad, integrated cybersecurity framework designed to handle complex, AI-powered threats across the modern digital landscape.
“Palo Alto Networks implemented a fundamental change in its business approach approximately two years ago and we are now a leader in providing next-generation firewalls. Our network security platform is AI-powered and built for Zero Trust.”
Broadly, broadcast media enterprises’ concerns about cybersecurity threats can be divided into two groups, viz. corporate IT security issues, which are prevalent across all businesses (data centres and network applications); and broadcast media security challenges, which are specifically related to the organisations’ core business activities.
It is critical to address the latter cybersecurity concern and understand how to develop a cyber-resilience strategy to meet the challenges, especially during the broadcast of high-profile live events.
These concerns, in turn, have turned cybersecurity into a vibrant, thriving multi-million dollar business.