Last updated at Thu, 15 Dec 2022 14:00:01 GMT

Securing intellectual property in the age of consolidation

Rapid7, of course, is not in the entertainment industry. However, we have worked with some clients out there in that golden land of dreams and enchantment—also known as Hollywood. Case in point: the company formerly known as Discovery, Inc. A few years back, Rapid7 helped the entertainment conglomerate transform itself into a cloud-first company. Discovery’s IT team leveraged InsightCloudSec to facilitate the company’s strategic shift.

In the time since, the company has undergone some, shall we say, changes. Now known as Warner Bros. Discovery following a merger of the two legacy media companies, there’s a new CEO at the helm who is likely feeling pressure to offset the billions of dollars in debt the company currently holds.

From an intellectual property (IP) security standpoint, there are a number of factors that could put the company in a potentially vulnerable position, as we’ve seen with other entertainment giants. In this blog, the first of a two-part series, we’ll look at the macro issue of the entertainment business shifting to a streaming-first focus, and the increasingly loud alerts of cybersecurity professionals to the fact that content and IP must be better secured—especially prior to its release.

The big content-distribution shift

Direct-to-consumer services and maximum choice are at the center of the content-distribution shift of the past decade. Netflix kicked off their streaming project with little fanfare back in the early 2010s, but quickly became the gold standard for popular, on-demand content from Hollywood’s biggest studios. And nothing accelerates a seismic shift in any industry like competition. Like dominoes falling, Paramount, Universal, Disney, Warner Bros., and Apple launched their own proprietary streaming services—all in the past few years. Try to picture the digital earthquake that resulted as cloud operations at all of those companies scaled up with blazing speed, challenging their security teams to keep pace.

A few years back, Netflix was one of the first to experience an IP theft of the type we now see in the current age of streaming-service proliferation. A vendor vulnerability exploited by an attacker became a supply-chain issue that saw an entire unreleased season of the popular Netflix series Orange is the New Black dumped online before it could premiere. This was especially disconcerting due to the nature of Netflix’s binge model dictating that all episodes of a series are completely finished prior to release—in the can, as they say in Hollywood. This meant all episodes were stolen as opposed to one or two.  

That breach occurred just as the other previously mentioned streaming services were being prepped but prior to market entry, perhaps suggesting that cybersecurity naiveté on Netflix’s part could have been to blame. It seemed they simply weren’t ready for this next stage in digital theft that attackers were about to unleash upon the world.

Since then, companies have begun to realize the education and actions they must undertake—not to mention the talent they must hire—to secure not just finished TV shows and movies, but all forms of valuable IP that exist under a production company or studio’s purview: scripts, unfinished edits of completed footage, the musical score of a piece of content, and much more.

Warner Bros. Discovery IP security

We, of course, have no inside knowledge of Warner Bros. Discovery’s actual current security posture. However, from an outside perspective, there are a few factors that could potentially increase its IP security risk:  

  1. The skip-hop of Warner Bros. from one conglomerate to another: The legacy Hollywood studio was formerly owned by AT&T and then departed that relationship to merge with Discovery, Inc. As cybersecurity professionals know, a time of mergers and acquisitions (M&A) can be quite joyous for attackers and put the cloud security of organizations at severe risk. Without taking the proper steps to keep environments secure during that time of change, companies leave themselves open to massive financial, regulatory, and reputational risk.
  2. The race to make their streaming service competitive in an extremely crowded market: Warner Bros. Discovery’s streaming service is stuffed with a legacy Hollywood studio’s back catalog, original series, and all sorts of additional content. In the race to be competitive by getting as much of that content as possible up on the service, are they leaving the door more open to attackers? Everyone knows that as soon as a film goes live on any sort of digital service, it’s almost immediately pirated and disseminated globally, cutting into the profits of streaming services.
  3. The axing of high-profile projects in favor of tax write-offs: In some cases, content was complete—or nearly so—when the decision was made to cancel the release. In the high-profile case of Batgirl, the filmmakers made public their attempt to save a copy of the film from its digital storage before they were locked out and the project forever shelved.

As we can see from that last point, the moves the company is making are decisive and have little mercy for talent or content. As a recent mega-merged conglomerate, the new company has its work cut out for it in several areas. Combining the content catalogs of the two previously separate companies is most certainly the largest and most critical challenge facing the current business. Protecting those decades’ worth of valuable IP from attackers should be just as much of a priority as the creation of the next Batman or Harry Potter film.

Making film and TV projects is a painstaking, long, and laborious process. All of the hard work by hundreds of people that goes into each project can be devalued by attackers in the blink of an eye. Plus, there’s nothing bad actors love more than a high-profile Hollywood hack. So, to all cybersecurity professionals who are also major film and TV fans, let’s take up the call to Hollywood studios: Protect the IP!

Next week, in the second part of this blog series, we’ll look at cloud-based content delivery systems for Hallmark Channel’s holiday programming as well as actionable steps studios (and other organizations) can take to protect their valuable IP.