Tuesday, 18 November 2025

Broadcasters on a high cyber alert

IEC E-Tech



Cyber attacks on broadcasters are evolving and so are the standards which offer cyber protection.

A BBC reporter was recently offered a life-changing sum of money for his part in sharing digital access keys to the Corporation. It proved one of the more blatant examples of phishing, a technique that usually involves tricking an employee into revealing sensitive data. The aim in this case was to extort money by stealing information and/or leaving virus software that would scramble the IT system and leave part or all of the organization offline.

It's the latest in a tsunami of cyber attacks on critical infrastructure hitting all industries. In a recent update, the UK’s National Cyber Security Centre (NCSC) highlighted a sharp rise in cyber activity linked to advanced persistent threat (APT) actors. According to its latest data, APT-related attacks have increased by more than 200% – a clear signal that the external threat landscape is intensifying.

Cyber attacks on news organizations - mostly politically motivated

News organizations are a particular target. One study reported that in the 10 months to March 2025, over 97 billion malicious requests had been sent to just 315 news outlets. The cyber security firm behind the report said that it had blocked an average of 325.2 million cyber threats every day in that period – a 241% increase from the previous year.

It further noted a rise in distributed denial-of-service (DDoS) attacks targeting investigative outlets operating in regions under government pressure, including Russia and Belarus. Swedish broadcaster SVT may have been subject to one such attack. In June this year, the broadcaster, government websites and other institutions were subject to a DDoS attack on the country’s digital infrastructure. While this appeared to be state-sponsored with a view to causing maximum disruption, an attack in September on a US newspaper publisher and broadcaster, allegedly by Russian hackers, was an attempt to solicit a ransom. Irish broadcaster RTÉ investigated a potential ransomware attack in July following an alert from the country’s national cyber security centre.

“Most attacks appear to be politically motivated rather than financially driven,” says Alain Durand, Senior Director at a security specialist that counts Sky as an investor. “It’s essential for broadcasters to maintain a strong and well-balanced cyber security posture — not only to help systems withstand a certain level of attack, but also to ensure rapid recovery in the rare event that a black screen or disruption cannot be avoided.”

Policing piracy on an industrial scale

Other attacks on broadcasters are typically motivated by profit. In 2023, the final episode of HBO’s fantasy series House of the Dragon was uploaded to pirate websites after the servers of a satellite distribution company were hacked. Earlier this year, two Indian blockbusters, Sikander and Coolie, were leaked online in separate incidents. In the case of the former, the damage cost the producers 91 crore (over USD 10 million) in lost box office revenue.

With the cost of films and TV dramas rising – House of the Dragon episodes cost USD 20 million each – any loss of paying customers impacts not just the immediate producer, but undermines the economics of the media and entertainment business. Unlicensed content consumption is estimated to cost the global media sector USD 75 billion a year, rising at an annual growth rate of 11% to hit a staggering USD 125 billion by 2028. “Combating piracy is a formidable challenge, providing a direct threat to profitability for broadcasters and streamers,” say analysts in a report published in May.

IT systems and human error are the soft underbelly

It might seem as if the problem is recent, but criminality has plagued the broadcast and film industries for decades. It is the industrial scale of the challenge which has soared, with the transition over the past decade to using standard IT systems to create programming and the internet to distribute it.

The move to IT equipment and internet-based production and distribution workflows has been driven by the need for greater cost efficiency and flexibility. The dedicated hardware used to edit, store and mix programming has been largely replaced by less expensive software applications running on off-the-shelf computers and, increasingly, on servers housed in data centres.

Robin Boldon, Head of Product at a security solutions provider whose clients include BBC Studios, explains: “I wouldn't necessarily say it was more secure [before internet-based systems], just different, in that [if you were a criminal] you had to know how specific broadcast engineering systems worked. Operations weren't necessarily connected to the public internet and were typically closed platforms, which could only be accessed via proprietary gateways. Physical security was a greater consideration, particularly at the facilities that receive and distribute signals.”

Meanwhile, broadcast content is increasingly delivered to viewers over the internet rather than beamed into homes using satellite, terrestrial transmitters or transported over cable networks. In the US, streaming overtook traditional TV delivery forms this year. “With internet protocol (IP)-based delivery to internet devices, the attack surface for the cyber criminal is far greater, and the tools available to access them are more commonly available,” Boldon adds.

In the latest wave of attacks, known as CDN leeching, pirates not only steal the content but also use the service provider’s own resources to distribute it. Durand explains: “Criminals know how to exploit and distribute encrypted keys to subscribers and they are sending links directly to the content delivery network paid for by the service provider to stream the content. Since they don't distribute the content themselves, they make much more money because they don't have any distribution cost to restream the content.”

Multi-layered defence is recommended

As a result, organizations are being compelled to reassess their cyber resilience strategies. This includes not only strengthening their security posture, but also preparing for potential operational disruptions that could arise from future incidents. Security experts advise media organizations to adopt a multi-layered shield.

“It's not one shot,” says Boldon. “The whole ecosystem needs layering with multiple tools to deal with particular problems. Risk reviews now span a broader scope – incorporating cyber insurance to offset financial exposure, tighter supply chain oversight, enhanced identity protection, ongoing security awareness training and continuous improvements in detection, response and recovery capabilities. A critical part of this effort involves collaborating with key suppliers to improve shared security practices. In today’s interconnected business environment, a single point of failure can have far-reaching consequences.”

Meanwhile, cyber criminal tactics continue to evolve. Advances in AI-powered tools – such as deepfake voice and image technology – are making phishing and impersonation attacks more convincing and harder to detect. “This growing sophistication means human error remains a significant vulnerability,” Boldon says. “While prevention is paramount, organizations must also prepare for the worst. Containment and recovery capabilities are increasingly recognized as essential components of a layered defence strategy. Recovery can take weeks – or even months – disrupting operations and eroding stakeholder trust.”

Hollywood studios, including Disney, Warner Bros. and Universal, are attempting to standardize their production and distribution processes in the cloud, where security will be guaranteed by the principles of zero trust. This concept, a common approach to securing IT systems, assumes that the infrastructure is always in a state of breach. The Studios’ solution is to set up permissions to access assets and applications online, based on everyone involved having a unique digital identification.

Yet replacing decades of ingrained thinking about locking down a physical location with an approach based on securing data on a network is proving a challenge. “Productions are naturally very risk-averse,” says Richard Berger, CEO at the research lab tasked by the Studios to lead the cloud migration project. “Most security today is an add-on after the workflow has been designed. There’s a perception that security by design will get in the way of the creative process, but that’s not the case.”

Where standards reinforce defence

The international standard for information security management and certification is ISO/IEC 27001. It provides a common international language across all business sectors and applies to all levels of information security management. According to Dr Edward Humphreys, Chair of the working group responsible for the management, development and maintenance of ISO/IEC 27001, “The power of the standard is to build confidence, assurance, resilience and trust that cyber risks are being managed effectively.”

International standards such as ISO/IEC 27001 and IEC 62443, together with conformity assessment, are important tools for a successful and holistic cyber security programme. Such an approach increases the confidence of stakeholders by demonstrating not only the use of security measures based on best practices, but also that an organization has implemented the measures efficiently and effectively. The industrial cyber security programme of IECEE, the IEC System of Conformity Assessment Schemes for Electrotechnical Equipment and Components, tests and certifies cyber security in the industrial automation sector. IECEE includes a programme that provides certification to standards within the IEC 62443 series.

Looking ahead, we are likely to see increased investment in business continuity frameworks based on standards like ISO 22301, which provides a structured approach to restoring critical functions after a disruption. These frameworks not only enhance operational resilience, but also build confidence among customers, partners and regulators.

The bottom line is clear: the cyber threat landscape is escalating, and organizations that fail to plan and invest accordingly may jeopardize both their operational viability and their ability to serve customers effectively. Cyber resilience is no longer optional – it’s a business imperative.

 

