Calls for media companies and supply chain to rehearse collective cyber response

How prepared is your organisation really for a ransomware attack?

If the worst happened, could your business run? Are you ready to take all your systems offline? Would you negotiate with a ransomware gang? If so, how much are you willing to pay? And what will your CEO say when she or he is doorstepped by a journalist? And will it reassure customers and partners, or tank your share price?

These were some of the questions tackled in the DPP's Cyber Security Secrets report, released in March 2022. The special insight report, supported by member organisations Fastly and Convergent Risks, sourced contributions from 20 experts working across cyber, risk, compliance, threat intelligence and content security to share their best advice about mitigating and responding to cyber attacks. It comprised the tips that go beyond patching best practice, and which are not included in certification programmes - the things that are really making a difference.

One suggestion from our group of cyber security experts was for broadcasters, media companies and their supply chain partners to come together and 'War Game' a collective response to a hostile cyber attack.

Download Cyber Security Secrets

Cyber Security Secrets

Ransomware response

They gave examples of scenario planning and War Gaming to the 'nth' degree responses to a sophisticated attack.

One contributor spoke about having a journalist and camera operator intercepting and haranguing their company CEO as they arrived at their office. They did this to help the CEO prepare for the day when they have a microphone thrown under their nose, along with a demand for comment.

One of the biggest blindspots companies found was around who communicates what to whom? You need to know whose responsibility it is to inform the bank, who should speak to tech partners and suppliers, and how communications should be made to other partners, authorities and customers. You also need to know how to speak to your own journalists.

Convergent Risks CEO and President, Chris Johnson, added that there is a feeling in the industry that smaller and medium sized organisations in particular are not fully prepared for the threat. He suggested that companies across the media supply chain, from script to screen, come together to rehearse how they will respond as a group to an cyber incident that could impact multiple organisations. The sentiment was echoed by other cyber professionals.

Vulnerabilities affect the whole supply chain

Gonzalo de la Vega, VP Strategic Products at Fastly, said that no organisation was safe unless the media supply chain acted as a unit.

"There is no system which is 100% secure; everybody tries their best but security is never flawless. It's a fight for all of us together against maliciousness. We want to build a more reliable and trustworthy internet for everybody, as vulnerabilities affect the whole supply chain."

Gonzalo de la Vega, Fastly

Five Eyes cyber guidance

In April 2022, the UK's National Cyber Security Centre and its 'Five Eyes' partners in the US, Australia, Canada and New Zealand issued updated advice to mitigate Russian state-sponsored and criminal cyber threats. While the guidance is aimed at critical infrastructure, prominent media organisations and its suppliers have also been high-profile targets.

NCSC CEO Lindy Cameron said:

"In this period of heightened cyber threat, it has never been more important to plan and invest in longer-lasting security measures.

"It is vital that all organisations accelerate plans to raise their overall cyber resilience, particularly those defending our most critical assets.

"The NCSC continues to collaborate with our international and law enforcement partners to provide organisations with timely actionable advice to give them the best chance of preventing cyber attacks, wherever they come from."

The NCSC had already released guidance about actions to take when the cyber threat is heightened following Russia’s invasion of Ukraine.

Aligning IT and the human factor

In the DPP’s Cyber Security Secrets report, one common theme highlighted by the experts were the initiatives - including Bug Bounty programmes, hackathons and improving management skills to tackle the insider threat - which help align IT security with the 'human factor'.

Fastly's Gonzalo de la Vega said that ultimately good initiatives work at the intersection of where organisations make mistakes and where breaches happen. They uncover the technology vulnerabilities and the mistakes humans are prone to making, resulting in more secure products and practices.

The full report is available to download by DPP members here.

Production and broadcast suppliers looking to demonstrate their commitment to working towards and adhering to cyber security best practice can take part in the DPP Committed to Security programme here.

MEMBERS

Cyber Security Secrets

Nowadays, cyber attacks are incessant and ingenious. Senior leaders are becoming aware just how smart they have to be in return.

Getting the basics right is the most important thing. But what are the things that will really make a difference?

Read the report to find out what our group of cyber security experts wish they had known on the first day of the job.

Enabled by Fastly. Convergent Risks.

Fastly Convergent Risks

Enter your email to download

If you work for a DPP member company, you'll be able to log in or create your account. Otherwise, we'll help you learn more about how to access this download.

Not sure if your company is a member? Check our Members Directory

Download this file

Download Now Actionable Insight Summary

Great news. Your company is a member!

Register in a few quick and easy steps to get access to all DPP documents.

Create your login

Join the DPP for full access

This download is exclusively available to DPP members. If you think that your company is a member, you might want to try again.

If you're not yet a member, you can find out more about the benefits of membership.

Learn more

Think there's a mistake? Contact us.

Thanks!

We have emailed you a link to download this file.

Continue

Oops!

Something went wrong.

Start again

If the problem persists, please get in touch.

Account suspended

Unfortunately it looks like your account has been suspended.

Use different email

Please verify your account

We can see you have created an account with us, but you need to verify your email address.

Thanks

Please check your email to verify your account.

Just a few more details!

We would like to send you occasional updates on our work, publications, and events. You can unsubscribe at any time. Can we keep you informed by email?

Please choose an option

It's time to reverify your account

From time to time we need to reverify your email address for security reasons. Click the button below and we'll send you a link straightaway.

System unavailable

We're sorry, it looks like we can't register your account right now. Please check again later.

If the problem persists, please contact membership@thedpp.com.

Account Problem

We're very sorry, it looks like we can't retrieve your account right now. The membership team have been notified and should be in touch shortly.

If the problem persists, please contact membership@thedpp.com.

Coming Soon

This download is not yet available - check back soon!

Learn more

Payment Checkout

Set at runtime

Continue

Payment Complete

Thank you, we have emailed you a link to download this file. The link will be active for 24 hours. If you are having problems please contact us

×

MEMBERS

Enter your email to download

If you work for a DPP member company, you'll be able to log in or create your account. Otherwise, we'll help you learn more about how to access this download.

Not sure if your company is a member? Check our Members Directory

Download this file

Download Now Actionable Insight Summary

Great news. Your company is a member!

Register in a few quick and easy steps to get access to all DPP documents.

Create your login

Join the DPP for full access

This download is exclusively available to DPP members. If you think that your company is a member, you might want to try again.

If you're not yet a member, you can find out more about the benefits of membership.

Learn more

Think there's a mistake? Contact us.

Thanks!

We have emailed you a link to download this file.

Continue

Oops!

Something went wrong.

Start again

If the problem persists, please get in touch.

Account suspended

Unfortunately it looks like your account has been suspended.

Use different email

Please verify your account

We can see you have created an account with us, but you need to verify your email address.

Thanks

Please check your email to verify your account.

Just a few more details!

We would like to send you occasional updates on our work, publications, and events. You can unsubscribe at any time. Can we keep you informed by email?

Please choose an option

It's time to reverify your account

From time to time we need to reverify your email address for security reasons. Click the button below and we'll send you a link straightaway.

System unavailable

We're sorry, it looks like we can't register your account right now. Please check again later.

If the problem persists, please contact membership@thedpp.com.

Account Problem

We're very sorry, it looks like we can't retrieve your account right now. The membership team have been notified and should be in touch shortly.

If the problem persists, please contact membership@thedpp.com.

Coming Soon

This download is not yet available - check back soon!

Learn more

Payment Checkout

Set at runtime

Continue

Payment Complete

Thank you, we have emailed you a link to download this file. The link will be active for 24 hours. If you are having problems please contact us