THE CHANNEL
|
ISSUE 2 2015
|
37
The issue of cyber security has been thrown into stark relief
by the well-publicised attacks on Sony Entertainment and
TV5 Monde as well as many other, less talked about, cases
that have affected broadcasters around the world.The AIB is
organising a special briefing, as Simon Spanswick reports
hen you open a newspaper
or pick up a topical
magazine you are likely
to find an article about
cyber security and the risks that
hackers pose to governments and to
businesses. You will see articles
about the latest security breaches,
such as the high profile thefts of
massive amounts of data from
Ashley Madison, the Office of
Personnel Management, Walmart
and other retailers. These attacks
have highlighted significant levels
of vulnerability in the security
systems of major organisations.
Globally, personal details of
millions of people have been stolen
and in some cases used illegally.
TIER 1 THREAT
This is not routine crime that
results from carelessness. Attacks
on companies – including those
operating in the media – are of
staggering complexity and
sophistication. So great is the risk
that in the UK, cyber has been
ascribed formally a ‘Tier 1’ national
security threat level. There are only
four such threats. The other three are:
terrorism; a major conflict between
states that draws in the UK; a major
accident or natural event.
Media companies are
increasingly vulnerable to attack, as
they open up more and more of
their systems to their customers,
whether it’s through websites or
incoming contribution devices. And
as the world becomes ever more
connected, so the number of
potential weak points in companies’
defences increase.
Media companies are considered
high value targets since the media
habitually reports on the media,
which means that there’s
potentially an immense amount of
publicity to be gained for those
carrying out the attacks.
MITIGATINGRISK
While technology is enabling this
increasing level of interconnection
– as well as creating many of the
vulnerabilities – this issue is not
simply a technical one. It’s about
business risk and in particular
mitigating that risk through
governance, procedures, as well as
technology.
The risks for media companies
cannot be understated. That’s why
AIB is gathering information and
helping its Members with strategies
to mitigate business risk. In
October, AIB will be holding a
high-level one-day briefing for
board members and executives to
explore the risks and to start
conversations on how it may be
possible to defend media
companies from being hacked.
No media executive wants to be
responsible for the after-effects of a
cyber attack, such as the theft of
confidential information relating to
newsroom sources that then as a
consequence may be attacked,
kidnapped or killed. Similarly, no
executive wants to see his or her
airwaves taken over and offensive
or harmful material shown instead
of the planned programme. Nor
does a media company want its
brand reputation harmed by an
attack on its website that leads to
the infection of millions of
computers used by its audience.
REAL ANDPRESENT THREAT
Because this issue has profound
implications for the media industry,
The AIB has been analysing and
researching cyber security. We have
talked to government agencies, to
regulators, and to specialists who
monitor the levels and types of
threats and attacks that are
happening in every business sector
in every country every day.
It is important for those in media
companies who have responsibility
for corporate governance, and for
protecting their businesses against
failure, to understand that the
threats are very real. Clearly, this is
a sensitive issue. In our discussions
with media companies around the
world, we’ve found a reluctance to
talk openly about the issue. We
understand, as no-one wants to
admit that they are vulnerable or
have already been a victim.
Yet the AIB believes it is all the
more important that there is an
exchange of information and that
companies have the opportunity to
learn from experts in the field.
The breach of cyber security is
no longer a high impact, low
likelihood risk to businesses. It is
high impact, high likelihood.
GETTING INVOLVED
AIB invites all its Members to take
part in the off-the-record meeting
that we’re holding in London in
October in association with Deloitte.
It’s the first step in a programme
that AIB is putting together for its
Members to mitigate risk and ensure
business continuity. If you are not
already an AIB Member, now is the
time to get involved with our work
on cyber and other key issues.
n
W
www.aib.org.uk
CYBER
SECURITY
Media
companies
need to
understand
that the
threats
are very
real
“
”