According to MDR provider BlueVoyant, the media industry is the most vulnerable to cyberattacks. Many media companies are extremely slow to fix critical bugs.
The media industry faces various types of cybersecurity incidents, including leaks of content on torrent trackers and dark web forums, disruptions on TV channels used to deliver content to consumers, ransomware attacks, and DoS attacks.
Let me remind you that we also wrote that One of the largest American media holdings News Corp has been hacked, and also that Phineas Fisher contacted the media and offered $100,000 to hackers that would attack banks and oil companies.
BlueVoyant has analyzed almost 500 suppliers. This includes 49 companies that provide content management, production, monetization, and distribution services for most media companies, and 436 vendors whose products and services are widely used but not adopted by the entire industry.
Of all companies, 143 had critical vulnerabilities in Internet-facing systems, which are commonly targeted by attackers. One or more of these vulnerabilities have been found in approximately 30% of media companies, nearly double the multi-industry average of more than a million companies.
Based on the study, content management service providers were the hardest hit, with half of them hosting vulnerable systems. The monetization segment is the most protected: less than 15% of them are subject to attacks.
As a specific example, BlueVoyant cited the Confluence vulnerability (CVE-2022-26134). Atlassian released fixes in early June, but exploitation of the bug began at least a week before. BlueVoyant found that 8 media companies still haven’t applied the fix – 6 weeks after it was released.
User Review
( votes)
