As senior project manager at the Digital Production Partnership, Abdul Hakim has 13 years’ experience in the broadcasting and IT industry; he has a comprehensive background in project management and operations at the BBC as well as in the commercial sector.
This interview is from the recent Radio World eBook “The Internet of Broadcast Things”; read it here.
Radio World: Are media organizations a bigger target today for cybercriminals?
Abdul Hakim: Two or three years ago, cybersecurity was a nonissue for most media groups. But now it’s become a standing item at board meetings and at the top of corporate risk registers. It’s also an area to which a lot of time, attention and resources are assigned.
Cyberattacks on media companies are nothing new, but the turning point seems to be around 2008, with an increase in both the number and severity of attacks. In 2011 Sony was hacked, and reportedly details of a million user accounts were stolen from its PlayStation network. More recently details of data loss have emerged for many high-profile companies such as Carphone Warehouse, TalkTalk, Yahoo!, LinkedIn, with details of several million accounts stolen.
Furthermore, the current global climate has made media companies an attractive target for hostile groups, who see the disruption of broadcast operations as a major opportunity to gain exposure. A high-profile example was the attack on TV5 in France.
RW: Do you have any numbers on percentages of cyber attacks, or percentage increase in recent years?
Hakim: According to the PwC Global State of Information Security Survey 2017 report, the Entertainment, Media and Communications companies surveyed reported an overall increase since 2014, reaching 7,674 incidents in 2016. The total financial losses as a result of these incidents soared by 81% in 2016.
RW: What are some of the top tips to protect yourself/organization from hacks and cybercriminals?
Hakim: Making cybersecurity someone’s responsibility is a crucial step to take if an organization is to protect itself from hackers and cyber criminals. That person needs to be senior and afforded the budget to be able to tackle any gaps in defenses. They need to have the mandate to make the necessary changes to make sure the organization is protected.
Secondly, it’s widely acknowledged that you can have the best defense in the world, with state-of-the-art firewalls and virus/malware scanning tools, but the weakest link in the chain is people. It’s still all too common for people to choose obvious passwords, or not to change passwords at all, and for people to download random software, games and other content from compromised or malicious websites. Training and awareness are therefore hugely important. Cybersecurity training needs to become mandatory, just like workplace health and safety training.
RW: What sorts of precautions do you need to take when traveling abroad with encrypted devices?
Hakim: In some countries, local laws prohibit you from taking in encrypted devices, while in others, export laws prohibit you from taking out encrypted devices. It’s more about the encryption technology than the device itself. For those countries, you will need to know how to turn off encryption. If you’re carrying a production laptop it can take a day or two to fully decrypt, so you will need to allow time for that.
If you’re traveling to any hostile territories or countries where state-sponsored cyber hacking is common, it’s best to take a fresh device installed with only the software you need. Avoid sending sensitive or confidential information over the internet as these are heavily monitored by state agencies.