Media Firms Twice as Vulnerable as Cross-Sector Average

Security

The percentage of media companies susceptible to compromise is double the figure across all other sectors, according to a new study from BlueVoyant.

The security vendor used its tools to perform a cybersecurity posture analysis on 485 organizations from the media industry to compile its Media Industry Cybersecurity Challenges report.

It found that 30% of those analyzed are exposed to compromise via vulnerabilities in their internet-facing, publicly accessible footprints. Exploitation of these vulnerabilities could lead to content theft and/or operational disruption.

However, prompt patching remains a challenge: 60% of identified vulnerable systems were still unprotected six weeks after a patch had been issued, BlueVoyant said.

Part of the challenge for the sector is the complexity of the supply chain, which might incorporate a wide variety of vendors, service providers, partners and technologies to move a creative idea from concept to camera to consumer, the report claimed.

“The digital supply chain is a common attack vector not only for the media, but all industries,” argued Dan Vasile, BlueVoyant vice president of strategic development and former vice president of information security at Paramount.

“In order to improve their cyber-defense posture, media companies should continuously monitor their extended vendor ecosystem, using analysis to prioritize mitigation of the most critical findings.”

Half of the top vendors providing content management solutions to the media industry were found to have vulnerabilities in their products, according to the report.

To enhance supply-chain security, BlueVoyant recommended media companies:

  • Identify and prioritize vendors, focusing on their criticality to content creation and delivery, and access to critical systems
  • Continuously monitor the supply chain using contextual analysis to prioritize serious vulnerabilities. Questionnaires and point-in-time scans are no longer sufficient
  • Use platforms to proactively track how critical vendors are addressing externally visible vulnerabilities and misconfigurations and work with them to minimize attack-surface risk

Products You May Like

Articles You May Like

RansomBoggs: New ransomware targeting Ukraine
Apple pushes out iOS security update that’s more tight-lipped than ever
Chrome fixes 8th zero-day of 2022 – check your version now
Spyware posing as VPN apps – Week in security with Tony Anscombe
Hackers Target Colombia’s Healthcare System With Ransomware

Leave a Reply

Your email address will not be published. Required fields are marked *