Industry review


Helping clients in the media industry improve their resilience to the cyber threat

The modern media landscape has changed beyond recognition since the 1990s, with the shift to digital introducing a raft of significant changes, including rolling 24-hour news, the rise of the internet and the subsequent decline in print media.

The thirst for knowledge in the internet age means that media companies can only thrive if they are able to maintain output of new content; this means operating a highly resilient infrastructure for those broadcasting television or radio programs and those hosting web services.

The pressure to maintain an ‘always on’ service is set against the background of falling profits in traditional print and broadcast media, meaning losses in those areas often have detrimental effect on investment in both maintenance and new technology.

But despite the apparent fall in value of the written word, one thing that matters above all for most media organizations is reputation. It is essential that the message communicated is allowed to flow to its intended audience - unaltered, true and with complete integrity.

The Cyber Threat

The desire to raise the profile of a cause, to sow the seeds of fear or to sway public opinion is held by a wide range of threat actors including hacktivists, terrorist and nation states.

These cyber attackers might be less interested in stealing data, more seeking to stop the organization operating effectively or humiliate it in the eyes of the world. The implication is that the media industry is highly likely to face a Computer Network Attack (CNA) in order to disrupt service, using tactics ranging from a rudimentary DDoS, through to highly-sophisticated APT campaigns conducted by nation states.

The public footprint of media organizations makes them prime targets for visible impact to a wide audience, so threat actors also are looking to piggyback on these organisations' own communications channels to spread their own message. Propaganda is alive and well and cyber attack has become an effective tool in its deployment by both state and non-state groups.

Whatever their size and sector, media companies need to be aware of the various threats that face them and accept that their part in society has placed them in the sights of some particularly capable groups.

The changing nature of this threat has meant that traditional cyber security measures have been found wanting, as evidenced by the torrent of cyber intrusions reported at media organisations recently. For those organisations looking to protect themselves and stay out of the headlines, MWR encourages them first to build on the effective parts of their cyber security programmes with practical solutions.

Move forward with MWR

In our years serving clients in the media sector, MWR have developed highly-effective security solutions for the sector, enabling organizations to identify their strategic risks, protect their most critical IT components and maximise the uptime and availability of their services.

  • Work with sector experts

Like media companies, MWR works in a dynamic and fast-changing world, dealing with a myriad of cyber threats and security challenges. Our consultants think like attackers – and are dedicated to finding the weak points in information security systems, breaking them and then putting them back together, far more secure than before.

This means we’re able to provide our media clients with more realistic pictures of how they can come under attack and more advanced ways in which to defend themselves.

  • Improve resilience to APT

The high profile of media companies and propaganda ‘shock’ value of undermining them make them a key target for advanced attackers, dedicated to undermining the information systems on which the modern media industry depends. However experience has taught us that if your business can resist targeted cyber-attacks from advanced nation states, it can resist cyber-attacks from almost all threat actors.

With solutions such as Targeted Attack Simulations and Countercept, delivered by consultants that truly understand the mind of an attacker, your organization can be safe in the knowledge they are using the most advanced defenses to resist the most advanced attackers.

  • Implement Effective Controls

While smaller media outlets with modest resources make softer victims, it is the larger global organizations, speaking to billions of people that form the prime targets, as extremists seek to piggyback on their worldwide reach to spread their own messages.

Whether you are a global or national media organization, MWR uses the same threat-based approach to can help you build a realistic view of your security posture, adopting programmes that are highly effective in practice.

An example of this is Attack Path Mapping, a unique solution that uses real-world attack methods to determine the risk to your most critical assets, providing your organization with actionable intelligence that can be used to mitigate risks.

Alongside services such as this, we can also author or review your overall cyber security strategy, using our unique experience to ensure it is fully aligned to your business risk appetite and threat profile.

These are just a number of solutions offered by MWR to help media organizations overcome the security challenges they are facing.

Please visit our Practice pages for a more comprehensive view of our capabilities.


Accreditations & Certificates

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 9001 and 14001 in the UK, internationally accepted standards that outline how to put an effective quality and environmental management systems in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by NCSC for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.