Companies in the media industry are very slow in fixing vulnerabilities, leaving an opportunity for hackers.
According to MDR provider BlueVoyant, many companies in the media industry are slow to fix critical vulnerabilities. The media industry faces various types of cybersecurity incidents, including leaks of content on torrent trackers and dark web forums, outages on TV channels used to deliver content to consumers, ransomware attacks, and DoS attacks.
BlueVoyant analyzed nearly 500 vendors. This includes 49 companies that provide content management, production, monetization, and distribution services for most media companies, and 436 vendors whose products and services are widely used but not adopted by the entire industry.
Of all the companies analyzed, 143 had critical vulnerabilities in Internet-facing systems, which are commonly targeted by attackers. One or more of these vulnerabilities were found in approximately 30% of media companies, nearly double the multi-industry average calculated across more than a million companies.
According to the study, content management service providers were the hardest hit, with half of them hosting vulnerable systems. The monetization segment is the most protected: less than 15% of its companies are subject to attacks.
As a specific example, BlueVoyant cited the Confluence vulnerability (CVE-2022-26134). Atlassian released fixes in early June, but exploitation of the bug began at least a week before. BlueVoyant found that 8 media companies still haven't applied the fix 6 weeks after it was released.
BlueVoyant urged media companies to take protective measures, especially in the area of content management. The supply chain is a common attack vector, and strong cyber defenses are critical to prevent leaks, downtime, and production disruptions.