Share this article on:
Matthew Lynn from Akamai Technologies explains how organisations can protect their streaming services from malicious cyber actors.
Audiences have been migrating to video streaming for some time, with the pandemic accelerating this trend over the past 18 months.
We have witnessed a flood of new entrants in the market to capitalise on this opportunity – as consumers are eager for even more things to watch.
PwC’s latest Australian Entertainment & Media Outlook Report found the industry is becoming more competitive than ever, as an all-out war for gaining subscribers – and retaining them – continues.
Live sport is a key growth opportunity for streaming players, who are competing fiercely to secure rights and expand their content portfolios.
As sporting events, such as the AFL Grand Final, have been off limits for most Australians these past 18 months, OTT providers have forked out millions to secure exclusive licensing rights for major sporting events.
But it’s not all rosy, as securing the rights is only half the battle. Streaming providers are faced with the challenges of supporting an increasingly fragmented device ecosystem and delivering a seamless digital experience every time.
For security teams within media organisations, there are also unique considerations when it comes to maintaining a robust security posture.
Live-streamed events have proven to be a lucrative target for the modern-day pirate, jeopardising both consumer data, as well as revenue security.
It is thus necessary to not only be across the drivers behind the types of attacks against the industry, but also understand the ways to defend against them, including moving to a "zero trust" model.
Securing users in today’s multi-screen reality
First, streaming services must be cyber resilient – to be prepared, responsive and able to recover quickly from cyber attacks while continuing to operate effectively.
The uptick in attacks has coincided with the growth in on demand media content. The ever-increasing number of subscription accounts created means a greater pool of personal data for opportunistic attackers to target.
Poor security practices like password sharing and recycling are emerging as the two largest contributing factors in credential stuffing attacks. By deploying stronger authentication methods, it offers better protection over viewer credentials.
Cyber criminals have also modified their attacks in response to the increasingly fragmented OTT device ecosystem.
With more users signing into multiple technologies, cyber criminals now have a greater choice of devices to target vulnerable users at different entry points – whether it’s via modern TV, or web browser or the mobile device.
In response to the increasingly fragmented OTT device ecosystem, media organisations are moving towards edge computing to provide users a more seamless, personalised digital experience with greater control.
At the same time, cyber criminals have modified their attacks in response to more users streaming from their home devices.
Security teams should thus consider edge-based web application and API protection to filter unwanted bot traffic from hitting applications, while simultaneously providing uninterrupted access to customers.
For customers, there is no do-over in live-streaming, so detecting and mitigating attacks as quickly as possible is key to staying in their good books in a post-COVID world.
Securing content in today’s piracy landscape
Piracy may be the most misunderstood form of cyber crime facing the industry today. Digitalisation has enabled this, leading to great advances in pirate activity.
Using the latest cyber security monitoring techniques, Akamai’s global security researchers found the piracy ecosystem has evolved – from link sharing and token harvesting to virtual private network (VPN) and proxy abuse allowing viewers access to streams illegally by bypassing geo restrictions using VPN technology. Streaming piracy operations often try to overload APIs and DRM servers with DDoS attacks.
Media organisations should partner with cyber security providers who can think outside of the box when it comes to monitoring and evaluating piracy. Advances in machine learning and automation, enable smarter, more accurate and more effective protections against the bad bots.
Pirates are an innovative bunch and will continue to modify their attacks over time. Acknowledging the complexities that come with a fast-moving industry, organisations need to constantly review their security investments to avoid it becoming redundant over time.
Securing services for tomorrow’s bottom line
OTT providers increasingly view cyber security investment as a positive revenue driver, instead of a cost, to their business. What enterprises need today are multi-layered defence architectures that can not only detect and deflect cyber attacks as close to the source as possible but to also scale and absorb massive-scale threats.
A zero-trust approach is designed to protect providers from piracy theft or other breaches. In the event where piracy does occur, to detect it and subsequently enforce anti-piracy measures. This strategy assumes the customer’s systems have been compromised and will only enable playback once they have been validated.
It’s no longer a simple game of cat and mouse. We are seeing an increase in the sophistication of the techniques being used by cyber criminals and are disrupting significant revenue streams to disrupt business models. Organisations must not overlook a zero-trust approach if securing their customer data and valuable rights (and revenue) is a priority.
Matthew Lynn is the regional sales director for Australia and New Zealand at Akamai Technologies.