CPS 2021: Richey May Explains How to Not be a Ransomware Victim
Media and entertainment businesses get attacked more often than companies from most other sectors and there are no signs that ransomware is going away or even slowing down anytime soon, according to Jason S. Hamilton, a Certified Information Systems Security Professional (CISSP) who serves as managing director of Cybersecurity Services at Richey May Technology Solutions.
“We’ve been talking about content protection” all day but “we have other data to protect” also, including credit card information and payroll information for employees on the set, he said Dec. 16 at the Content Protection Summit (CPS) event, during the session “How to not be a Victim of Ransomware in Hollywood.”
During the session, he discussed best practices to secure data and content, solutions that should be put in place to help prevent making a studio or network a sitting duck and more, offering viewers tips and tricks on how not to be a victim.
“The costliest record to protect is actually” personally identifiable information (PII), he said, citing third-party data that said it costs $180 per record on average to protect PII. Intellectual property, in comparison, costs around $160 per record.
Such data has value to the people trying to steal it, he said, noting: “There’s plenty of money to be made in releasing something before it was supposed to be released. The way that we protect the value of that data is keeping it within our ecosystem of control. So as soon as it becomes public, that’s when the value starts to drop off.”
The average cost for a data breach is $4.2 million now on a global basis, he said, noting that represents a “big spike” – of about $380,000, or 11.9% – from 2020. “Expect that trend to continue; it’s not going to go back down,” he warned. The average cost of a data breach in the M&E space, meanwhile, is $3.8 million, he added.
Remote work had a major negative impact on those costs, he noted, pointing to a 2021 IBM report that said the average cost was $1.07 million higher in breaches where remote work was a factor in causing the breach.
Phishing, meanwhile, continues to be the most prevalent attack vector, as it has for the past two years. After all, “being able to compromise a human is way, way easier than being able to hack through a firewall,” he said. For example, it’s pretty easy for bad actors to con somebody who works at an organisation into giving them their credentials or even letting them inside an office, he added.
“These guys have all the time in the world to get creative and find a new way into your network,” he said.
Moving on to ways that bad actors are able to get to an organisation’s data outside of phishing and the human element, he said: “Patch management’s huge. On average, it takes 246 days to fix a high-severity vulnerability…. We suck at patch management.”
He then turned the spotlight to ransomware attacks, which he predicted are “not going away,” noting they are increasing. There was more of it in 2021 than 2020 and he predicted there will be more of it in 2022 than 2021.
The Russian hacker group responsible for last year’s Colonial Pipeline ransomware attack is “raking in $90 million a year offering ransomware as a service,” he said. Contributing to the problem is the large number of people who agree to pay the ransom, which just perpetuates the problem, he told attendees.
Defending against ransomware attacks “comes down to fundamental processes and procedures,” he went on to say.
Proactive defence strategies include: having incident handling policies and procedures; a ransomware-specific procedure; monitoring, logging and alerting; having a “solid backup strategy;” having and testing restoration procedures; network segmentation; and segregation of critical resources, he said.
Incident handling procedures once an attack happens, meanwhile, should include: isolating the infected endpoints, closing the attack vector and validating impacted resources; following the process to sanitise infected hosts; restoring compromised data from backup; validating the restore process; ensuring documented RPO and RTO are met; and going over lessons learned and process improvement.
The Content Protection Summit was open to remote attendees worldwide using MESA’s recently introduced metaverse environment, the Rendez.Vu-powered MESAverse, an interactive 3D-world that allows for hybrid live and virtual events.
The event was produced by MESA, presented by IBM Security and Synamedia, sponsored by Convergent Risks, Richey May Technology Solutions, PacketFabric, archTIS, Code42, INTRUSION, NAGRA, StoneTurn and Vision Media.