In part two of our series on protecting your station from ransomware attacks, we ask cyber security experts Brian McHale and Bill Taylor what you need to do to make sure your radio station is not hacked.
Radio Ink: What should the manager or owner of a station do once they know this is going on?
Brian: It depends on the size of the station. You need to get somebody with IT experience inside and start looking for the obvious. Drill down to isolate the attack and look at remediation. There are certainly triggers; passwords could be altered, so they can’t get into the automation. You have to have someone with background. The best practices are to have some security function in the company, hire a third party like Cybersurance. There has to be something on the front end. If you go back to the Max Media situation, they could not figure it out so they replaced everything. At the corporate level, in my opinion, security for the radio or TV stations needs to be in the top five of their corporate priorities, with some budget allocation. In any industry it’s not a question of if but when you will be hacked.
Radio Ink: Why do I get the feeling they will call Best Buy to get the Geek Squad? This is a category they haven’t had to deal with before?
Brian: At the station level there’s not enough time, effort, and resources to look at the forest. Their job is to look at the trees. There has to be an IT function somewhere within the company so that’s the first call. You have to contact an IT person initially. There are engineers who are very smart around what they do, but when you’re looking at an infected computer you will need somebody from the IT side. Nobody has looked at what was happening with the logs. You have to know where to look. In a lot of these cases the bad actors have locked it down so tight that the station either pays or replaces everything.
Radio Ink: Is every radio station at risk?
Brian: Yes. The stations in larger markets are a bit more protected because they may have an IT organization function with some semblance of security. My experience in the smaller markets is they are mostly on their own. The engineers are super smart and need to have remote access to the towers. A lot of people will stand up their own Wi-Fi within a station; is it protected or not? There is not a real focus on antivirus in terms of a complex password at the station level. In a way, you think it won’t happen at a small station, but the key is that door, once they are in, will take them to other stations and clusters. A cluster-level impact like Max Media had is significant.
Radio Ink: What about the vendor side? The vendors who the radio stations buy equipment from — are they supposed to be doing something to help create some block to these hacks?
Brian: At some point you will get down to a third party product to run your business. I’m an IT guy who moved into the broadcast engineering space. I feel my lens is different than a broadcast engineer. I’ve been up to my neck in the security stuff. I’d say it has to start with process controls internally, getting the message out, bringing in tools and software, bringing in firewalls, understanding where your connections are, what is protected and not. A nice diagram or design in terms of how things are connected. Password complexity is key and changing your password every 90 days. There are tons of best practices that can be done at the corporate level and pushing it down. I think there’s a level of security in antivirus that’s running on a lot of automation platforms but I don’t think it’s the priority. The vendors are providing features and functions. I’d say it’s the station or corporate’s responsibility to understand and put in a program to drive down information and cybersecurity best practices and controls.
Radio Ink: Would you say in 2020 we will see more of these attacks, or the radio stations making sure it doesn’t happen?
Brian: You have five that have happened and my opinion is there will be more. Some of the bigger players, like Entercom, have taken it seriously and are starting to invest. I’ve seen others bring in third parties, which is really the key. That’s why you need to bring in Cybersurance and have them go through their process. Regardless of industry, that needs to be done top to bottom.
Radio Ink: Any final advice for stations?
Bill: The first step in any organization is to do a thorough risk assessment to identify what assets, in terms of intellectual property, and what sensitive data you have. Identify all the areas where you have risks. Then come up with a game plan of how to protect it. It is really a risk management exercise to decide what your risk appetite is. Things you do need to spend time, money, and resources on to protect. Understanding that these attacks are increasing and will likely not go away. As long as there’s software out there, these vulnerabilities can be exploited and there are always bad actors who will do that. They are always looking for the weakest target. If you’re in the radio broadcast industry where they haven’t put a lot of focus on cyber security and don’t have a lot of defenses in place, they are considered an easy target.
Brian: It is important regardless of any industry to get out in front of the message from a PR standpoint. You can go back and read where the breach was not disclosed but eventually it was. Obviously, the majority of the companies are public with shareholders to answer to. This will wind up in their annual or quarterly earnings report as a mention. Your listeners are out there and there’s an impact. In terms of reputation, get out in front, state you’re aware, define the impact and the remediation. There is an awareness component. All of us in the industry need to help each other so we need a lot of collaboration. A specific item on the agenda at NAB would help to make everyone aware.
Brian McHale has been in media and entertainment for 25 years. Today he’s a cyber-security advisor. Brian has worked for Discovery Channel, Starz, and DirecTV. He was VP of IT and Engineering for Fischer Communications and CTO for Journal Communications.
Bill Taylor started his career in the Air Force. He took his first job out of college working for MCI Worldcom as a data engineer. Now he’s in the IT security space working for a company called Cybersurance.