Avoid the Click: Building a Cyber Resilient Culture to Navigate New Age Threats

The recent AT&T data breach sent shockwaves through the telecommunications and entertainment industries, highlighting critical vulnerabilities in cybersecurity protocols. This breach, which exposed sensitive customer information, underscores the urgent need for robust cybersecurity measures and heightened employee awareness within these sectors. It also brings to the forefront the concept of cyber resiliency—an organization’s ability to withstand, recover from, and adapt to cyber threats.

Impacts of Cyberattacks on the Media & Entertainment Industry

The telecommunications industry, which forms the backbone of global communication, is a prime target for cybercriminals. This breach not only compromises customer trust but also potentially disrupts services, leading to significant financial and reputational damage.

For the media and entertainment industry, the implications are equally severe. Companies in this sector rely heavily on the secure distribution of digital content and protection of user data. A breach can lead to unauthorized access to exclusive content, theft of intellectual property, and piracy, which can result in substantial revenue losses and legal ramifications. Additionally, these breaches erode customer trust and loyalty, crucial elements for any subscription-based or ad-supported business model.

A notable example of the severe impact of cyberattacks in this industry is the 2014 attack on Sony Pictures by North Korean hackers. This attack led to the theft and release of confidential information, unreleased films, and sensitive employee data. The incident caused significant financial losses, operational disruptions, and reputational damage, emphasizing the critical need for advanced cybersecurity measures.

In a more recent example, hackers gained access to Disney’s internal Slack communications in a July 2024 hack by exploiting an insider within the company. This insider helped the hacktivist group infiltrate Disney’s Slack infrastructure, leading to the leak of 1.2TB of sensitive data, including unreleased projects, concept art, and login details. While Disney quickly addressed the situation, the breach exposed vulnerabilities in security measures and emphasized the need for ongoing investments in cybersecurity to maintain user trust. The attack is likely to have multiple impacts, including potential unauthorized access to Disney’s exclusive intellectual property, which could be pirated or leaked, leading to significant financial losses. It may also lead to subscriber losses, placing Disney at a competitive disadvantage against other streaming services with more robust security protocols. Furthermore, the incident impacted Disney’s brand reputation and necessitated a review and upgrade of its cybersecurity practices to prevent future attacks.

Beyond Compliance: The Need for Advanced Cyber Resiliency

Traditional compliance-based cybersecurity measures, which focus on meeting regulatory requirements, are no longer sufficient to combat the sophisticated cyber threats of today. The advent of advanced technologies such as Generative AI has escalated the complexity and frequency of cyber-attacks. Cybercriminals are now leveraging AI to create more effective phishing scams, automate hacking processes, and exploit vulnerabilities at an unprecedented scale. This dynamic environment necessitates a shift from mere compliance to proactive and comprehensive cyber resiliency.

Cyber resiliency in an organization involves proactive measures to prevent, detect, respond to, and recover from cyber threats swiftly and effectively. For example, in a multinational technology company, cyber resiliency is strengthened through a robust employee awareness program. Regular cybersecurity training sessions across all departments emphasize identifying phishing attempts, strong password management, and recognizing social engineering tactics. Employees participate in simulated phishing exercises and interactive workshops to practice responding to real-world cyber threats. Advanced AI-driven threat detection ensures real-time anomaly detection, supported by detailed incident response plans and regular drills to refine readiness. Continuous system monitoring and prompt security updates mitigate vulnerabilities. Senior leadership reinforces a culture of cybersecurity awareness, empowering employees to protect sensitive data and respond effectively during cyber incidents. This approach has significantly enhanced the organization’s ability to withstand and recover from cyber threats, maintaining trust and security for customers and stakeholders alike.

Ways to Avoid the Click: Using Employee Awareness to Enhance Cyber Resiliency

A significant portion of cybersecurity breaches can be attributed to human error, making employee understanding and adherence to cybersecurity protocols paramount. To mitigate such risks and enhance cyber resiliency, companies should focus on comprehensive cybersecurity cyber education and training programs. Some examples include:

1. Regular Cyber Resilience Training Programs: At bare minimum, organizations should implement mandatory cybersecurity training sessions for all employees. These should cover the basics of cybersecurity, such as recognizing phishing attempts, using strong passwords, and understanding the importance of software updates.
2. Phishing Simulations: Conduct regular phishing simulations to test employees’ ability to identify and respond to phishing attempts. This hands-on approach helps reinforce theoretical knowledge and prepares employees for real-world scenarios. It’s also one easy way to track your organization’s level of cyber resilience.
3. Access Control Policies: Limit access to sensitive information based on job roles. Implementing the principle of least privilege ensures that employees only have access to the data necessary for their roles, reducing the risk of accidental exposure.
4. Incident Response Training: Train employees on how to respond to a cybersecurity incident. This includes knowing whom to report to, how to contain the breach, and steps to mitigate damage.
5. Continuous Education: Cybersecurity is an ever-evolving field. Regularly update training materials to reflect the latest threats, particularly those threats enhanced by Gen AI, and best practices. Encourage employees to stay informed about new developments in cybersecurity using regular communications such as quarterly cybersecurity video newsletters and training.
6. Promote a Cybersecurity Culture Using Rewards: Foster an organizational culture that prioritizes cybersecurity. Encourage employees to take ownership of their role in protecting company data and reward those who demonstrate exemplary cybersecurity practices.
7. Resiliency Drills: Resiliency drills should mimic realistic cyber-attack scenarios, such as phishing attacks, ransomware infections, data breaches, and distributed denial-of-service (DDoS) attacks. This helps employees and IT teams practice their responses in a controlled environment, making them better prepared for actual incidents. These drills should involve all departments to ensure a coordinated and effective response.

Recent events such as the AT&T data breach and Disney cyberattack serve as stark reminders of the vulnerabilities present in even the most robust networks. In response, telecommunications and media entertainment companies are increasingly prioritizing the cultivation of a cyber resilient culture. These efforts are crucial for safeguarding data and maintaining customer trust amidst escalating cyber threats. Pairing the cultivation of a cyber resilient culture with advanced generative AI cybersecurity technology represents a comprehensive approach. By nurturing a culture where cybersecurity awareness is paramount and integrating cutting-edge technologies, organizations can effectively mitigate risks and foster a secure environment for stakeholders. This proactive strategy not only strengthens defenses against potential breaches but also emphasizes the synergy between human vigilance and technological safeguards.

By Korea Gilreath, Associate Director, Avasant