The ransomware attack that was unleashed on to computers in over 100 countries on Friday 12 May demonstrated just how important it is for media companies to take the issue of cyber security seriously.
Companies and organisations as diverse as Britain’s National Health Service, Germany’s Deutsche Bahn rail network (pictured left), Spanish telecommunications company Telefonica and car manufacturers including Nissan and Renault, each suffered from the consequences of this immense cyber attack. The Association for International Broadcasting’s own Cyber Security Working Group is actively collating data on any impact there has been on media companies from this attack.
On Friday evening, the AIB’s Twitter feed (right) linked to a map of incidents traced around the world produced by a UK-based IT expert going under the name of Malwaretechblog. This 22-year-old was subsequently reported to have discovered the “kill switch” for the ransomware, bringing much of the attack to a halt (http://www.bbc.co.uk/news/technology-39907049).
“The Association for International Broadcasting has been actively working on the issue of cyber security with its Members,” said Simon Spanswick, chief executive of the AIB. “Since the attacks on Sony and TV5 Monde, the AIB has been bringing its Members together to share information and intelligence and to explore how to encourage the entire media industry to work together, and with suppliers, to combat the threat of attack. We have been telling media companies that the issue of cyber security is one of their major governance challenges. It requires board level discussion and for a board member to take responsibility for the issue as this is not simply an IT issue. It goes to the heart of a company’s responsibility to protect itself and its employees, and to ensure that it can continue to operate in a worst case scenario. The AIB is there to support its Members on this crucial, mission-critical issue.”
As part of the AIB’s work on cyber security, the Association is pressing home the need to take the entire security issue seriously at the highest levels in all organisations. In April 2015, the AIB published advice to its Members in a briefing document that remains relevant today. AIB Members can request a copy from the Secretariat.
In October 2015, the AIB worked with Deloitte to deliver a high-level confidential briefing event on the issues of cyber security. The one-day conference brought together representatives of many AIB Members, as well as key players in cyber security including Britain’s GCHQ that has responsibility for the nation’s cyber security (now separated into the National Cyber Security Centre). At that event, high-level GCHQ speakers noted the need for governments to include media companies in national work on cyber security and their classification as critical national infrastructure.
Since then, the AIB’s cyber security working group has developed a work programme that aims to share information and intelligence among AIB Members while at the same time pressing suppliers to the industry to respond to broadcasters’ security needs and requirements. The chair of the working group, Denis Onuoha (CISO at UK transmission company Arqiva), has spoken at major broadcasting events including NAB to highlight the ever more urgent need for the entire media industry – broadcasters and suppliers – to respond to the constantly increasing number of threats that exist from both nation states and cyber criminals.
At the European Broadcasting Union’s International Broadcasting Assembly in Sofia on 18-19 May, the AIB will be presenting to a range of international broadcasters about the threat posed to their businesses from cyber attack. In June, the AIB will be meeting with national security agencies to develop collaborative links that benefit AIB Members in protecting their businesses against cyber attack.
“This is a piece of work that will continue to develop and grow over the coming months and years,” says Simon Spanswick. “The AIB is working hard on behalf of its Members to ensure that they can protect themselves, their brands and their reputations in a world where the threats from cyber criminals has never been more challenging. The media industry needs to stay one step ahead of those who work to wreck businesses and those who – knowingly or unknowingly – derail broadcasters from their missions to inform, educate and entertain.”
Advice from the UK National Cyber Security Centre on tackling this attack is here: https://www.ncsc.gov.uk/guidance/ransomware-guidance-enterprise-administrators