Security has risen to the top of the agenda amongst most C-suite executives and boards of directors and the digital video industry is no different. The cause for this attention is illustrated by several high profile cases that have made the headlines in recent years.
A powerful cyber-attack hit a French TV Network in 2015 when a gang used highly targeted malicious software on the TV network's systems. The impact was huge – all channels were off-air for hours, social networking accounts and the web site were hacked, and the financial cost was close to €5 million in the first year alone.
Another example is with a leading entertainment company where multiple attacks caused the breach of almost 77 million customer records, unpublished movies and internal confidential information.
The threat today really is at an all-time high, facilitated by the explosion of innovation in the industry. Securing content delivery to devices such as the Set Top Box used to be much easier when it was a closed system under the sole responsibility of the service provider. But we have moved from those traditional closed systems towards multiservice and multiprotocol IP delivery to any connected device, managed or unmanaged, in a highly personalised way. This provides an enhanced customer experience and new business opportunities, but also creates new challenges in the security landscape.
There are more and richer targets, such as analytics, personal and usage data, and video content itself. The new, open networks with consumer owned devices can be attacked in fundamentally different ways, as they allow for easier, automated attack options on an increased overall attack surface. In other words, there are new opportunities and there is more motive for hackers to break in. And as we have seen: they do.
In addition, the impact of breaches is rising. Not only are the direct and indirect costs of breaches growing, erosion of trust is an increasing concern in a digital economy. There is no option for broadcasters and operators when it comes to collecting, storing and managing an increased level of rich data. To provide today’s demanding consumers with the experience they expect, they must build trusted 1:1 relationships with their customers and offer highly personalised services. That means collecting more data from them than ever before, which brings with it another layer of security and privacy concerns.
Despite all this, many companies have an apparently misplaced level of confidence in their security posture. Accenture’s recent security research found that 75 percent of respondents were “confident” they were doing the right things with their security strategies, but about one in three, focused, targeted breach attempts succeeded.
Clearly there is a disconnect and more needs to be done. Here are some key strategies to help improve security and ensure you have your customers trust.
Make it everyone’s responsibility: One person cannot be responsible for the security of the business, the content and the personal information it holds. It must be built in to the culture so that everyone is held accountable and trust is integrated throughout the business. But for this to happen, the CEO and board must lead by example – if it’s taken seriously at the top, change can happen throughout the organisation.
Understand how secure your business really is on an ongoing basis: New threats are appearing daily so it is critical that businesses continuously review their processes and run tests. If you don’t know about any problems, the likelihood is that you simply don’t have consistent visibility or aren’t testing enough.
Secure the platform business: If you are delivering video content, make sure security features are built in to the service platform by design. It should be at the heart of the service delivery platform, promising security, privacy and reliability within the business and for the customer. It must not be an afterthought and it is critical to understand the risks throughout the video value chain and ecosystem. It is not just about the platform, device or content alone but the fully integrated operating model.
In conclusion, success hinges on a 360-degree approach and a relentless focus on the business impact. Security must be taken seriously. Make it part of the lifeblood of the organisation and make sure risks are reviewed regularly and processes updated to stay ahead of the hackers. Security is a competitive differentiator and is critical to being a trusted provider.