Cyber security gets Hollywood makeover
Hacking is a major issue for many industries – but Hollywood is an especially tempting target. The new Entertainment Security Operations Center in Los Angeles hopes to provide a secure system for studios to control their valuable creative content.
HBO, Sony Pictures, and Netflix have all been hacked in major security breaches. In addition to embarrassing information being made public and loss of consumer confidence, infiltration can cost a film or television company big bucks. According to a Carnegie Mellon University study, films leaked online before official release can lose nearly 20% of their box office revenue. Furthermore, paid subscriptions for Netflix or HBO become less appealing to viewers if they can simply watch their favourite shows elsewhere for free.
Why is Hollywood so poorly equipped to safeguard itself from data breaches? Outsourcing may be partially to blame. Special effects, musical scores, set engineering, and technicians are often provided by independent contractors and freelancers. While workers could be brought in-house, doing so would be expensive and limit flexibility when sourcing the best talent. Unfortunately, many of these small firms and individuals simply lack the resources to defend against sophisticated attacks. As a result, the hundreds or even thousands of people working on a project’s creation and distribution become security risks.
In August 2017, HBO’s CEO Richard Pelper admitted there had been “a cyber incident directed at the company which has resulted in some stolen proprietary information, including some of our programming.” Hackers stole and subsequently released episodes from Game of Thrones (pictured) ahead of their scheduled air dates.
California-based tech company Secure Channels, Inc believes it has the solution to protect Hollywood’s data, files, and emails. The company announced earlier this week that it will open the first centralised hub for the secure management of entertainment industry content: the Entertainment Security Operations Center (ESOC). Using an exclusive membership model, each individual who needs access to sensitive content must first join ESOC through a diligent identification process. Content will then only be handled within the secure environment.
In theory, this commitment to security dovetails nicely with the incoming General Data Protection Regulations (GDPR), which takes effect in May 2018. Despite being a European law, the GDPR will apply to any and all companies which offer goods or services to EU residents, or monitor EU residents online – even if those companies are physically located outside of Europe. Failure to comply with the GDPR will put a company at risk for serious fines, ranging from 10 million euros up to 4% of annual turnover.
Personal data must be processed in a way which ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
GDPR Core Principle of “Integrity & Confidentiality”
It’s important to remember that hacking is about more than just pirated content. While ESOC appears to be marketed primarily as a means of protecting intellectual property, it should also strengthen protections for personal data. In addition to the films, scripts, and music which could be leaked, a film studio will also have vast amounts of information relating to their cast and crew. Nearly all of this information, including emails, names, and dates of birth, will fall under the GDPR’s regime as “personal data.” Furthermore, information about a person’s ethnicity or health – key features in the acting business – is classified as “sensitive personal data,” and requires even stronger protection.
