Cyber risks on entertainment platforms

Many of us have an account on one or more online platforms. This includes all kinds of entertainment platforms like Facebook, Netflix and newspaper websites, all of which are here for our entertainment and pleasure.

But how secure are these platforms and what cases have affected the security around the platforms we use? We’ll dive into the world of online entertainment and see which cybersecurity risks are connected with these. We’ll also take a closer look at how you as a user can improve the security around your accounts.

Billions of users

When we think of online platforms it’s usually social media platforms that pop into our minds. However, the category of online entertainment spans across many different things, and it’s everything between:

• Social media
• Newspapers
• Streaming services

Under these categories lie a wide range of apps, websites and features that many of us use on a daily basis. The entertainment industry has billions of users across the globe; and it’s an even bigger number if we look at all created accounts across several platforms. We have accounts on social media, but we also use one or more streaming services (both video and music) and some are also subscribers to different news sites and newspapers.

There has been a natural development with digitalization leading to many platforms to change to digital versions. This is e.g. newspapers that convert their articles to their website, or making a digital version of their newspaper so subscribers can read it on a tablet or other device instead of a printed version. The same goes for books and general publications; there has been a major shift in the wake of digitalization, since people want quicker and better access to their chosen type of entertainment.

This also applies to streaming services. We want to be able to see movies, tv series and videos directly on our phones or through apps on our tv’s, instead of renting or buying it in the physical format.

This shift has brought an increased pressure on websites and their infrastructures. Now it needs to be able to handle billions of users and their data without compromising their experience or data.

A threat emerges

Since the birth of the internet, IT criminals have roamed the interwebs to exploit vulnerabilities and gaps in security walls. They are often financially motivated to hack into software or steal personal data. Usually they execute ransomware attacks, where they hold data as a hostage and wait for a ransom payment in return.

Hackers and IT criminals roam the dark web where they trade confidential data for money (which usually is in the form of cryptocurrency). Therefore, they target the biggest groups in order to get access to the biggest amounts of user data.

One of the bigger data breaches in the entertainment industry was when Disney launched their streaming service Disney+. It was, and still is, a very popular streaming platform with a high demand from its users.

However, Disney was not prepared for the high demand of the platform. They were distracted by the demand so when hackers got access to user data, Disney had no chance of finding the vulnerability that had been exploited.

Hackers then went to the dark web to sell the user data of thousands of accounts to gain a good profit from the vulnerability.

Pirating and blackmailing

Back in the day, when all we could do was to purchase or rent a movie, many went to movie pirating to get free access to a vast variety of movies. Even though the film industry wasn’t particularly affected by the pirating, it did influence people’s habits of going to the movies and renting movies in-store. People illegally watched already-released movies in a cheaper and illicit way.

We don’t see the same type of pirating today - but we see it causing a lot more damage to the streaming services. Today, cinemas and streaming services still have a big following and customers. So, one of the most damaging ways a streaming service can be hit is with leaked and unreleased content.

When hackers steal content (whether it’s an entire movie or a couple of episodes of a tv show) it can have serious consequences for a production company and streaming service.

• Firstly, there is a fatal flaw in the production company or streaming service’s security if a hacker can access unreleased material.

• Secondly, when a hacker has access to unreleased content, they most likely will hold it hostage to get a good payment for it, and not to leak it beforehand.

Unfortunately, it has happened quite a few times where companies have had leaked content even though they paid the ransom. In other and even more severe cases the content has been deleted by malicious actors like hackers and hacktivist groups - if the company hasn’t made backups (which they fortunately often do).

Improved security

One of the main reasons for most hacking attacks and ransomware attacks is human error. Hackers trick their way to crucial information that can be used to get access to systems and software, but also be sold on the dark web.

Hackers leak information whether it’s confidential information or unreleased content. News sites and social media platforms contain lots of user data, which is invaluable to the user and very profitable to the hackers.

That is why the online platforms have to have improved cybersecurity and many do. Some platforms have implemented MFA to add an additional layer of security for their customers. News sites may be targeted by hacktivist groups if the group disagrees with the news platform, as can a social media platform be targeted if a group disagrees with user guidelines.

That is why any organization should consider implementing different kinds of cybersecurity:

• Attack surface management: This creates an overview of the different vulnerabilities a platform has; in Disney’s case, they didn’t have a proper (if any) attack surface management, so they couldn’t discover the breach in time. When you have an overview of potential entry points into a system, you can manage and close that gap before hackers exploit it.

• Incident response plans: With an incident response plan you outline any potential incidents and how to mitigate them. If you have an incident response plan you can fix the security gap a lot quicker and thus prevent any major damage to your organization.

• Awareness training: As we’ve mentioned, human error is one of the biggest reasons for successful cyberattacks. Hackers can’t fool computers as they can trick people into clicking a link or downloading a file. So, with awareness training, you learn to see the hacker’s tricks so you don’t fall into the trap.

We’re all users of some kind of entertainment platform. We rely on their security but we should also secure our own accounts with improved cybersecurity. Skipping cybersecurity can have major consequences to any industry, and some of the biggest cases have happened in the entertainment industry, since they have one of the greatest followings in the world.