As part of its Committed to Security Programme, the DPP has today published a new survey report, Are We Fit for Cyber War? The report, which is published with the support of DPP Member company CenturyLink, is the product of interviews with security experts from DPP Member companies from across the supply chain.
“It’s easy to say cyber security is important; but we wanted to make a more forensic assessment of the maturity of security thinking in the media sector,” says DPP Managing Director and author of the report, Mark Harrison. “What our experts reported was growing pro-activity in establishing good security practice; but still large gaps in understanding about the responsibilities of individual parts of the supply chain.”
The report focuses on three principal areas:
Security experts describe high levels of general awareness that are undermined by the misconception that ‘surely they wouldn’t want to come after us?’ Automated attacks make breaches easy and frequent; so the way a company responds to a breach is as important as how it prevents one.
The cultural characteristics of media
Creative minds are almost pre-programmed to work around constraints – even if those constraints are security policies designed to protect creative output. Security specialists need to take the trouble to understand the creative process and its pressures, and to help creative teams by finding solutions to security risks that are as simple as possible.
The moment data moves it is at its weakest. That’s why everyone in the supply chain has to understand their responsibilities. Platforms from major suppliers may have security built in – but they can still be breached if the environment in which they are used is insecure. It may seem counterintuitive, but openness and collaboration is the best means of defence.
CenturyLink Chief Security Officer Dave Mahon likens managing security in a multi-vendor ecosystem to modern healthcare:
“A hospital has many departments, and it can’t be effective unless they are all coordinated. You need to take the same approach for how you oversee your organization’s entire security landscape, and it’s very difficult to be successful if you engage with multiple vendors. This requirement is driving the growth of managed security services. Partnering with a single vendor who can provide strategic direction for all the services you need allows for the establishment of a cohesive cyber security strategy for your organisation,” says Mahon.
“There are now substantial security risks in all industries – risks from nation states, multinational criminal organisations, hacktivists, terrorists and insiders. CenturyLink is pleased to support forums like the DPP’s Committed to Security Programme, where we can help drive change and bring a new kind of thinking that enables us all to protect each other.”
The DPP’s Committed to Security Programme is achieving strong take up across the media industry. Ten companies have already been awarded the DPP Committed to Security mark, and dozens more have applied to join the Programme.