Published on August 5th, 2019 📆 | 2850 Views ⚑
0Counter-Terrorism Analyst Offers Cyberthreat Insights to M&E Day Crowd
When Roger Cressey, a go-to counter-terrorism analyst for NBC and former advisor to President Obama, looks at the state of cybersecurity in media and entertainment, he sees a good news, bad news situation.
âThe good news is, your industry is more aware than itâs ever been before,â he said July 25 during a keynote presentation â âManaging Cyber Risk in an Interconnected Workplace is Everyoneâs Responsibilityâ â at the Content Protection Summit East event, part of the Media & Entertainment (M&E) Day conference. âThe bad news is you still have a way to go ⌠to bring in the security culture in every element of how you do your business.â
Cressey explained how modern cybersecurity requirements extend beyond traditional IT networks, and need to focus on individual approaches, along with a comprehensive corporate strategy and structure. For media and entertainment specifically, the move to native digital workflows is resulting in interdependencies between networks, devices and users.
His presentation offered thoughts as to why the threat environment is only one part of the equation, and how technology isnât enough to stop cyberattacks.
âWhatever the cool tech is, it doesnât absolve you individuals of your responsibility and accountability when it comes to cybersecurity,â Cressey said. Thereâs an âarms bazaarâ of attack tools available for criminals today, and hackers are a community of people who learn from each other, share information, and look at what each other is doing to change their tactics.
âAnd I guarantee you they are looking at your industry right now for the opportunities they can exploit using this tools, some of which are nation-state level, that you do not have the technical tools to deal with,â he added.
It means the individual â not tech â is the most crucial point of stopping a cyberattack against his or her organization. Because cyber attackers will keep tabs on your network for months on end, looking for vulnerabilities, Cressey said. That needs a human approach to preventing and responding. âIt tells you, if theyâre really interested in what youâre doing, theyâre going to watch, learn and listen, and wait for the right time to [go after] your IP, or worse, destroy the data you have,â he said.
âYour technology can be world class, but if your people arenât trained, and if your processes stink or are non-existent, that technology will not save you,â Cressey said. Thatâs a message C-suite executives need to understand. Understand all of your attack surfaces â your email, your mobile devices â is part of the approach, but so too is looking outside your immediate organization.
âYou should be telling your bosses: âWhat should we be doing about our outside vendors? What security requirements are we ensuring that they put in place? And what happens if they donât? How do we hold them accountable and responsible?ââ Cressey said.
And Cressey offered a reminder that should be gospel among every employee today: âItâs not a question of if but when your network will be penetrated. Your network will be penetrated,â he said. âIf thereâs a determined adversary with the right capabilities, commitment and talent, theyâll get in. All you can do is minimize the impact of [the breach].â
Prioritize whatâs most important, and realize that everyone in the organization has a role to play in both preventing and minimizing the impacts of a cyberattack, Cressey said.
The 2018 M&E Day, which also included Smart Content Summit East conference tracks, was produced by MESA, in association with the Content Delivery & Security Association (CDSA), the Hollywood IT Society (HITS) and the Smart Content Council, and was presented by Microsoft, with sponsorship by Akamai, BTI Studios, Independent Security Evaluators, LiveTiles, MarkLogic, RSG Media, ThinkAnalytics, Amazon Web Services, EIDR, the Trusted Partner Network (TPN) and Richey May Technology Solutions.
Click here to download audio of the presentation.
Gloss