With the music industry increasingly reliant on the internet for streaming, ticket sales and other means of business, recent activities by hackers has raised concerns that music organizations will be targeted and their operations disrupted or severely compromised. Organizations both large and small have been affected by an increase of hacking, specifically ransomware attacks, on almost a daily basis. Most notable has been the attack on the Colonial Pipeline, which provides vital gasoline and jet fuel from the Gulf Coast to refineries in New Jersey. In response to this attack, the company shut down its operations for six days to limit the spread of the hack and to respond to the demands of the hackers. The organization eventually agreed to pay $4.4 million worth of bitcoins to the hackers, since they were not sure the depth of the cyberattack on their systems. Although the amounts of the Colonial ransomware fare out measure any other organizations, the prospect of smaller music organizations and individuals is ever present.
These recent events have not only effected large corporations, music and entertainment companies and individuals have been targeted. Organizations such as Disney and Sony have faced attacks. In regards to Disney hackers threatened to release a copy of the fifth installment of Pirates of the Caribbean movie. According to Edward Kopko in Bold Business (Kopko, Edward Lady Gaga, Elton John, U2 and the Ransomware Threat. Bold Insights May 15, 2020 https://www.boldbusiness.com/digital/lady-gaga-ransomware-threat/) the hackers of Elton John, Lady Gaga and U2 demanded $21 million from entertainment lawyer Allen Grubman and his firm, Grubman Shire Meiselas & Sacks or sensitive material would be released”. A recent survey by Sophos, a British security software and hardware company, indicated that media, leisure and entertainment industries reported the highest levels of ransomware attacks. (Sophos, The State of Ransomware 2020, May 2020 ttps://www.sophos.com/en-us/medialibrary/Gated-Assets/white-papers/sophos-the-state-of-ransomware-2020-wp.pdf) The survey revealed that 51% of organizations had received a ransom attack. More concerning for the music industry, is 60% of surveyed media companies had faced ransomware attacks. In comparison only 45% of public sector organizations surveyed had faced a similar situation. With hackers infiltrating important data, the average cost to organizations to rectify the impact of a ransomware attack was calculated to be approximately $700,000 for large organizations and $500,000 for smaller organizations. In most cases companies, large and small, have paid the ransom, but there is little or no information if that has resulted in hackers not coming back to the table for seconds. (in other words attacking the same company again)
As the survey states and countless articles have shown, this is a serious issue facing music organizations and individuals. Attackers will use a variety of techniques to find vulnerable aspects of a company’s infrastructure and extract the appropriate demands on an institution. The most common technique preferred by hackers is file downloads through emails with malicious attachments. According to the Sophos survey this form of attack accounted for 50% of organizations reporting these type of incidents. Anti-hacking experts all agree that ransomware is inevitable in the online environment and hackers in general do not discriminate in their targets. Every organization, irrespective of their size, sector or geographic location is a potential target. As such, organizations should incorporate a cybersecurity strategy based on the assumption that they will be targets of an attack. Most experts agree that organizations and individuals should make regular backups of their data, storing it both offline and offsite. This allows organizations to quickly restore lost data and lowers the costs of dealing with ransoms. Similarly, protecting data wherever it’s held add to the level of protection against ransomware. Studies have indicated that 60% of ransomware attacks included information held in the public cloud. A strategy recommended includes protecting data on the public cloud, private cloud and on the organization’s premises. Further protection can be achieved by investing in anti-ransomware technology. As this trend becomes universal, investing in the appropriate software can inhibit attacks and deter hackers from attempting to compromise an organization’s IT infrastructure. Some experts also encourage organizations to verify that their cyber insurance covers ransomware. Finally, the WIPO (Chattopadhyay, Angshuman How the Media and Entertainment Industry Can Protect Against Ransomware, June 2021 https://www.wipro.com/cybersecurity/how-media-entertainment-industry-can-protect-against-ransomware/) WIPRO recommends that employing an effective defense system that shields endpoints, servers, email, network gateways and supply chains will offer some protection. Hackers will use a variety of techniques to get around an organizations defenses. Covering all aspects will deter them in their efforts, hopefully discouraging them from making an attack. Invariably, even if all of these techniques are employed, we may need to accept that this type of attack is the new norm for the music industry. If this is the case knowledge may be the best defense an organization has for the future.
The Analytical Musician 