Cyber Security And What You Can Do About It – Irdeto Has A View

With consumer data now as key an asset as the content itself, service providers must increasingly address cybersecurity threats and the theft of subscriber data. Here conditional access expert Irdeto surveys the changing nature of pay TV security.

Peter Oggel, VP Technology, Irdeto: There is perhaps a viewpoint held that cyber security is focused on protection of the network and the threat from hackers to systems and data. In today’s climate however, this is not the case, as threats to customer data and high value content often come from the same place. The problem for service providers is that today’s cyber criminals have the same resources as enterprise businesses at their disposal. They invest in product research and development, and produce and distribute their products and services. Cyber criminals can be defined as people who hack and steal content, assets, credentials, for example, to make a profit. There are other hackers that do it to raise awareness for a particular issue with no desire to be paid or earn money out of the activity. Today’s cyber criminal has customers to satisfy, money to be made and must consider their ROI just like any other business.

Unfortunately, many organizations still do not recognize cyber crime as it truly is – a competing business entity that continues to grow its illegal offerings. In addition to attacking content assets, cyber criminals today also steal subscriber data for access to service provider services and monetizing the sale of the subscriber credentials. As a result, cyber security strategies within the pay TV industry must consider a broad range of vulnerabilities. Once organizations and the content production market have made this mind-shift, the more effective the industry will be at recognizing and combatting cyber crime.

Can you quantify the threat from cybersecurity?

PO: As the demand for high quality content continues to grow, the threat only increases. Take the Mayweather vs. McGregor fight at the end of August – a huge revenue opportunity for those that hold the rights, but widespread piracy has the potential to dilute the value of the content. There is no doubt about the extent of the cyber crime problem, research we conducted towards the end of last year found that there were more than 2.7 million advertisements on e-commerce websites, including Amazon, eBay and Alibaba for illicit streaming devices, while the top 100 Pirate IPTV supplier websites were generating more than 16,460,000 visits per month. In addition, a report earlier this year from Frontier Economics estimated that counterfeiting and piracy could drain $4.2 trillion from the global economy by 2022.

As a form of cyber crime, online content redistribution piracy is the major threat to high value content, but service providers also have to consider threats to their network and systems. Hackers will attempt exploit vulnerabilities to execute attacks including ransomware, malware injections, Man-in-the-Middle and Man-at-the-End attacks. This multi-layer threat has been demonstrated in the ongoing problems HBO is facing following a hack which reportedly resulted in Twitter accounts being taken over, scripts being obtained and episodes of Game of Thrones being released early.

How much of a threat is it compared to other types of content access breaches faced by operators?

PO: The HBO example is pertinent here as it clearly shows that data breaches and content theft are not necessarily separate threats. The same digital and connected TV platforms that cyber criminals target for illegal redistribution of content also act as attack surfaces for hackers looking to gain access to service providers’ networks and potentially steal customer information and other important data. Cybersecurity strategies must consider the whole threat landscape and a 360-degree approach to security is crucial.

What are the main security danger points that are emerging – both to consumer data and to content?

PO: Current business models rely on connectivity to meet growing consumer demands for flexibility, ease of access and convenience. This has seen the rise of IPTV set-top boxes and OTT services delivering high value content to a broad range of unmanaged devices. While great for the user experience, any connected device is a potential attack point for hackers. The rise of illegal plug-ins through Kodi devices is also a huge threat as it makes it easier for pirates to illegally redistribute content, while the dangers of the Darknet are just as prominent, where stolen data is available for purchase in abundance. This data includes pay TV credentials. Stealing credentials provides cyber criminals with more flexibility and gives them a lower chance of discovery as opposed to say hacking a service providers’ network. They are also valuable as most people don’t change their credentials very often and frequently use the same password across multiple accounts, allowing potential access to other services and data.

What solutions are on offer to enable operators to tackle these head on?

PO: There are plenty of solutions on offer to protect against different threats, but very few make the grade in providing overall security for pay TV service providers. Premium security today means 360-degree protection trusted by content owners, from protecting broadcast and OTT services, to end-to-end piracy control and watermarking. Cyber crime prevention services are also a crucial part of this, and include cyber intelligence (the gathering and analyzing of intelligence around security threats from the Internet and Darknet) and cyber security (actions to make digital platforms more secure such as penetration testing, security risk assessments, and incident planning and response).

To protect future revenues, service providers’ approach to security must evolve in line with the changing market dynamics. In today’s world, any legitimate insecure device can be abused for cyber crime, and pirated services can be streamed from anywhere on the internet. Many successful providers have realized that fighting online piracy requires more than just technology alone. Services are essential to combat new and emerging piracy threats. Being able to detect, analyze and counter all types of piracy affecting on-demand and live real-time content is more essential than ever. In tandem, as consumers demand more flexibility, ease of access and convenience, it ultimately introduces openings for hackers. Service providers therefore must implement an ever-evolving approach to cyber security and stay up to date with the latest developments so they can continually raise the security bar against the growing number of attack vectors.

Irdeto’s software security is easily renewable to stay ahead of piracy. It also enables service providers to reach consumers on any device. Irdeto’s security techniques protect applications through data and control-flow obfuscation, anti-debug, whitebox cryptography, integrity verification and executable encryption. The tools provide a highly effective, multi-layered, and tunable approach to software protection. In addition, we offer an extensive range of security services and have a dedicated global team, including cyber security and computer forensic analysts with years of law enforcement and legal experience.

What measures can realistically be taken to head off threats now and what are operators and broadcasters doing in practice?

PO: Content theft is a threat that Pay TV providers have been facing for many years and, as a result, many have become adept at evolving their defenses in line with the changing threat landscape. However, this is now part of a wider cyber crime threat, where increasing vulnerabilities and sophistication of attacks is making this harder and the combination of technology and proactive services has never been more crucial in the fight cyber crime.

Preempting potential security threats is also hugely valuable, and allows platform builders to take a proactive approach to prevention rather than a reactive one. The key here is understanding the threat landscape, from the evolution of piracy to how hackers are using increasingly sophisticated attacks to target networks and data theft. This is a major challenge for service providers, as the main piracy threat has shifted from control word sharing to content redistribution and the increasing use of illicit streaming devices and pirate plug-ins. Meanwhile, hackers are evolving their attacks from tactics like phishing, to gain credentials, to using WiFi to steal credentials via Evil Twin attacks. Working with a security partner who has expertise in both the media industry to protect content as well as really understanding cyber security is what’s needed. That blended knowledge is key.

Studios and content providers have faced major cyber attacks themselves. But what requirements are operators making of distribution partners to prevent threats from emerging further down the distribution chain?

PO: The MovieLabs security requirements for enhanced content protection set out clear guidelines around high value content. In response to this, content owners are adopting distributor watermarking and we’re starting to see many mandating session-based watermarking for their distributors (operators/broadcasters). Sports Rights owners are also starting to mandate more stringent security rights as part of their contractual terms.

When it comes to fighting cyber crime, collaboration is increasingly important. The media industry is certainly leading the way in different forums such as AAPA or MPAA where they share knowledge and information. It’s down to every player in the ecosystem to work together collaboratively to beat cyber criminals not just individual organizations. Many cyber criminal networks are spread over different countries and jurisdictions so one company on its own would find it difficult to have the necessary impact. For content owners and service providers, it’s important that they select a partner who has security in their DNA and has global reach, a good network of worldwide partners and excellent relations with industry bodies, ISPs and law enforcement.

You might also like...

Designing Media Supply Chains: Part 3 - Content Packaging, Dynamic Ad Insertion And Personalization

The venerable field of audio/visual (AV) packaging is undergoing a renaissance in the streaming age, driven by convergence between broadcast and broadband, demand for greater flexibility, and delivery in multiple versions over wider geographical areas requiring different languages and…

Media Supply Chain At IBC 2022 - Rising Advertising VoD And Virtualized Cloud Production Key Themes

Streaming dominates media supply chains far more than it did even at the time of the last IBC with a physical presence in 2019.

Netflix Set To Curb Unauthorized Password Sharing

Netflix appears on the verge of introducing measures to curb sharing of passwords by subscribers with friends or others outside their household, after years resisting such a move.

NAB 22 BEIT Conferences Detail TV Engineering Progress

People visit NAB Shows for many reasons. Some are there to investigate and examine new solutions. Some are shopping with a budget ready to spend. Others visit to gather ideas and figures for next year’s budget. Many visit to a…

Protecting Premium Content OTT & VOD Distribution - Part 2

Protecting high value media content is a major priority for any broadcaster working with OTT and VOD. In the previous article in this series we looked at the three challenges facing broadcasters and in this article we dig deeper into…