CyberSecurity Event - 25th October 2017, Reading, Berks
Robert May, CEO of Ramsac and Ambassador for Cyber Security and Technology at the Institute of Directors, set the tone at Thames Valley Centres Cyber Security lecture last week by advising there were two types of business; those that had been hacked, and those that don’t know they’re being hacked.
May told the group of broadcast professionals that companies are often unaware hackers have broken into their systems. The offenders don’t always act immediately but lie in wait, gathering information about users and data mining systems to either commit fraud or use the computer systems to infiltrate other victims.
Costs to global industry is expected to reach seven trillion dollars by 2020, with the average cost to each hacked UK business being three hundred thousand pounds. The biggest sources of cyber-security vulnerabilities are outdated operating systems and users poor understanding and appreciation of personal security, especially when maintaining passwords. Two-factor-authentication, as used by Google’s Gmail and Micrososft’s Office365 services, is still the most effective defence against cyber-attacks.
Denis Onuoha, Chief Information Technical Officer for Arqiva, told of the misconception broadcast engineers have that SDI is perfectly safe and immune to cyber-attacks. Onuoha put forward the case of encoder farms that use network connectivity for configuration and monitoring. If miscreants infiltrate a broadcaster network, they will have access to the encoder farm regardless of whether the video travels over SDI or not. Security is further compromised by poor processes using common usernames such as “admin” and passwords of “1234”.
Cyber-attacks are big business and Onuoha spoke of the criminal and terrorist networks often behind hacks. “it’s not personal”, he proclaimed “they’re just running a business, although a highly illegal one and are generally just out to make money”.
Questions and answers soon followed with the focus on security and risks of migrating to IP.