Media organizations are facing SQL injections, DNS attacks, pirated content, and DDoS attacks, according to an Akamai report.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- SQL injections, DNS attacks, pirated content, and DDoS attacks were the most common cybersecurity incidents experienced by media organizations. — Akamai, 2018
- Slow site performance and downtime are the top security-related concerns among media leaders. — Akamai, 2018
As more consumers cut the cable cord, media companies are increasingly transitioning to over-the-top (OTT) content, offering online-based shows and information. However, increasing cyber threats may halt media organizations' online services and ability to innovate in the space, according to a Wednesday report from security firm Akamai.
Slow site performance and downtime are the industry's top security-related concerns, according to 26% of the 200 US media technology decision makers surveyed in the report. Protecting premium video content (23%), enterprise application security (20%), managing the impact of bot traffic (15%), and DDoS mitigation (13%) were other concerns, the report found.
Media organizations experienced a number of security breaches with a wide range of attack vectors, the report found. The top security breaches media organizations reported facing were SQL injections (23%), DNS attacks (21%), pirated content (20%), and DDoS attacks (17%). Other cybersecurity attacks reported included account hacks, website defacement, and cross-site scripting.
SEE: Intrusion detection policy (Tech Pro Research)
Attacks facing the media are increasingly going beyond content piracy to those presenting a real danger to the business, the report noted. It's important for business and IT leaders in the field to pay attention to cybersecurity, and ensure that employee education and adequate protections are in place.
Only 1% of media organizations reported that they are "very confident" in their current security measures, the report found. More than half were on the fence about whether or not they are fully prepared to protect against threats.
"Media companies are online businesses, operating websites and maintaining a wide variety of proprietary and sensitive information," Dave Lewis, senior global security advocate at Akamai, said in a press release. "They need to broaden their perspective on security and look closely at approaches like zero trust architectures and protecting enterprise applications to secure their content along with everything around it."
Media organizations are using a range of technologies to fight DDoS attacks, including network firewalls in their data centers (31%), dedicated DDoS mitigation "scrubbers" (26%), data center-based intrusion prevention systems (17%), and ISP-based DDoS mitigation (11%). Cloud-based content delivery networks (CDNs) remain rare in the industry (14%), though they have become widely adopted in other fields, the report noted.
In terms of managing bot traffic, 33% of respondents said they employ a manual process of investigating logs and blocking individual IP addresses to address bot traffic. Some 45% said they leverage an existing firewall, and 1% said they don't do anything at all.
The vast majority of media companies—84%—report using a web application firewall to defend against web application attacks. Only 16% said they rely on application security audits and testing alone.
"Steps are being taken to address common threats like DDoS, bots and web application attacks, but almost none of the media influencers we surveyed are very confident their organizations are protected, indicating that businesses have a long way to go on the security front," Lewis said in the release. "At a broader level, it's going to take media companies coming together as a community to establish forums, industry standards and closer connections with government bodies to move the confidence needle and create a more security-aware and protected industry across the board."
- 17 tips for protecting Windows computers and Macs from ransomware (free PDF) (TechRepublic)
- Cybersecurity report card: Why too many companies are graded 'could do better' (ZDNet)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Improve your cybersecurity strategy: Do these 2 things (ZDNet)
- Why traveling CEOs and coffee shops are your company's greatest security risks (TechRepublic)