New study highlights the myriad cyber defense challenges faced by media companies in 2022

Fragmented vendor ecosystem leaves media industry increasingly vulnerable to software supply chain threats

The global media industry is facing an onslaught of cybersecurity threats, as new research reveals that those serving the industry are disproportionately susceptible to compromise when compared to other sectors.

According to a report out this week from BlueVoyant, ‘Media Industry Cybersecurity Challenges: A Vendor Ecosystem Analysis’, 30% of media vendors are susceptible to compromise via vulnerabilities discovered in their publicly accessible online presence.

What’s more, these critical supply chain vulnerabilities are known to be exploitable by malicious actors.

Complex ecosystem

The study focused on nearly 500 service providers, partners, and technology suppliers that are widely used across the media industry, including organizations involved in content management, production, distribution, and monetization.

According to BlueVoyant, media industry vendors are nearly twice as susceptible to compromise than those in other industries benchmarked by the cybersecurity firm.

INSIGHT API security threats plague the enterprise security landscape in 2022

Across the 485 companies that were assessed, 143 companies were identified with ‘zero tolerance’ findings.

Media vendors offering content management solutions were singled as a particular concern, with potentially compromising vulnerabilities being discovered in more than half of these organizations.

A lack of timely patching was also identified as a “significant issue” for the media industry, with 60% of identified vulnerable systems still unprotected six weeks after a patch has been issued.

Addressing the challenges

“There are a couple of possible explanations of why the media industry’s supply chains are disproportionately susceptible to compromise,” Dan Vasile, vice president of strategic development at BlueVoyant, told The Daily Swig.

“One is related to the fragmentation of the vendor ecosystem. Media companies tend to rely on a lot of vendors, with the majority of them being relatively small companies that don’t have the appropriate budget for cybersecurity nor the necessary focus to address cyber risks.”

Read more of the latest infosec research news

Vasile added: “Another explanation could be the dependency on legacy systems. Adoption of new, more secure technologies is slow because of the cost and potential disruption.”

While the report shows that media industry vendors are more susceptible to compromise than those in other industries, BlueVoyant vice chairman Joel Molinoff said it’s never too late for organizations to take proactive steps to improve their cyber defense posture.

Key recommendations from the security company include timely patch implementations, continuous monitoring of the third-party vendor ecosystem, and “leveraging security platforms to proactively track how vendors are addressing externally visible vulnerabilities”.

YOU MIGHT ALSO LIKE Security researchers blast ‘ridiculous’ CrowdStrike bug disclosure practices