Media Organizations’ Security Practices, Threats & Concerns Examined in New Akamai Research Report
‘The State of Media Security’ Survey Finds that Few Media Organizations are ‘Very Confident’ in their Current Security Measures
Akamai Technologies, Inc. (NASDAQ: AKAM), the world’s largest and most trusted cloud delivery platform, has released new research in a report titled, “The State of Media Security.” Based on a survey of 200 U.S. media technology influencers and decision makers conducted by BizTechInsights, the report aims to evaluate and better understand how media companies are securing their online properties. Among key findings is that slow site performance and downtime is the number one security-related concern among media leaders.
The report also takes a deep dive into the most common types of attacks media organizations’ over-the-top (OTT) properties are facing, the measures currently in place to combat those attacks, top security challenges and concerns, and how they are addressing the management of bots – which can account for up to 60 percent of website traffic according to Akamai observations. Notable findings include:
Top security concerns go beyond protecting content. While premium video content protection ranked high among respondents’ top concern when it comes to securing their online video business (23 percent), the most-cited concern was slow performance or downtime due to DNS attacks (26 percent). Other areas of high importance included DDoS mitigation (13 percent), managing the impact of bot traffic (15 percent), and enterprise application security (20 percent). As the media threat landscape continues to shift, so too are priorities for protecting their OTT businesses.
Attack vectors span a broad spectrum. When asked which type of security breaches their organization has recently experienced, the top responses were SQL injections (23 percent), DNS attacks (21 percent), pirated content (20 percent) and distributed denial of services (DDoS) attacks (17 percent). Other attacks reported included account hacks, website defacement and cross-site scripting. Media entities are increasingly facing a broad spectrum of attacks that go beyond content piracy and present a real danger to the business.
DDoS defenses lag behind other industries. Respondents reported employing a broad range of technologies for addressing DDoS attacks, including a network firewall in the data center (31 percent), a dedicated DDoS mitigation “scrubber” (26 percent), data center-based intrusion prevention system (17 percent) and ISP-based DDoS mitigation (11 percent). Most surprisingly, only 14 percent of media organizations report using cloud-based content delivery network (CDN) DDoS mitigation – a measure that has become widely adopted in other industries.
Inadequate bot traffic management measures persist. A surprising one-third (33 percent) of survey respondents reported that they employ a manual process of investigating logs and blocking individual IP addresses to address bot traffic, while 45 percent of respondents leverage an existing firewall, and one percent don’t do anything at all. Only one in five respondents (22 percent) leverage a purpose-built bot management solution, revealing widespread risk of bot-based threats like credential exploitation to circumvent attacks or steal content.
Substantial web application defenses employed – but room for improvement exists. An overwhelming 84 percent of media organizations report using a web application firewall (WAF) -- either cloud-based, on-premises or a combination of the two -- to defend against web application attacks. Sixteen percent rely on application security audits and testing alone.
“Media companies are online businesses, operating websites and maintaining a wide variety of proprietary and sensitive information. They need to broaden their perspective on security and look closely at approaches like zero trust architectures and protecting enterprise applications to secure their content along with everything around it,” said Dave Lewis, senior global security advocate at Akamai. “Steps are being taken to address common threats like DDoS, bots and web application attacks, but almost none of the media influencers we surveyed are very confident their organizations are protected, indicating that businesses have a long way to go on the security front. At a broader level, it’s going to take media companies coming together as a community to establish forums, industry standards and closer connections with government bodies to move the confidence needle and create a more security-aware and protected industry across the board.”
Akamai is exhibiting at the 2018 NAB Show April 9th through April 12th at the Las Vegas Convention Center, where its media and security experts will share best practices and strategies for protecting online properties. Akamai’s Dave Lewis is also presenting on “Data Breaches: Barbarians in the Throne Room,” as part of the NAB Broadcast Engineering and Information Technology Conference on Saturday, April 7th.
To learn more about how Akamai can help protect your media business, visit them at NAB booth SL3324 or arrange an appointment through Akamai’s NAB site.
A Akamai protege e entrega experiências digitais para as maiores empresas do mundo. A plataforma inteligente da Akamai engloba tudo, desde a empresa até a nuvem, para que os clientes e suas empresas possam ser rápidos e inteligentes e estar protegidos. As principais marcas mundiais contam com a Akamai para ajudá-las a obter vantagem competitiva por meio de soluções ágeis que ampliem o poder de suas arquiteturas compostas por várias nuvens. A Akamai mantém as decisões, as aplicações e as experiências mais próximas dos usuários, e os ataques e as ameaças cada vez mais distantes. O portfólio de soluções de segurança de borda, desempenho na Web e em dispositivos móveis, acesso corporativo e entrega de vídeos da Akamai conta com um excepcional atendimento ao cliente, análise e monitoramento 24 horas por dia, 7 dias por semana, durante o ano inteiro. Para saber por que as principais marcas mundiais confiam na Akamai, visite www.akamai.com, blogs.akamai.com ou @Akamai no Twitter. Nossas informações de contato global estão disponíveis em www.akamai.com/locations.