Box CEO Aaron Levie on Why Hollywood Needs to Get Smart About Cybersecurity (Guest Blog)

File sharing company cofounder makes a case for cyberdiligence — not cyberdesertion — and better security “hygiene”

Hollywood security (Box; iStock)
Box; iStock

It has been a complicated year for Hollywood and the Internet. Hacks of celebrity photos stored on iCloud, Quentin Tarantino‘s “Hateful Eight” being canceled after the script was prematurely leaked (but now back on!) and, of course, that minor incident potentially involving a country just above South Korea.

If the relationship between technology and the media industry was starting to hit its stride, 2014 did its part to slow that down.

Agents, studio execs, label heads and talent could be forgiven if they wanted to disconnect their laptops, power down their smartphones and go back to hand-written notes and couriers. But a response like this would set the industry back — not protect it going forward.

Of course, Hollywood isn’t unique in its attention-getting cyber attacks and digital snafus. Major retailers are dealing with unrelenting waves of credit card hacks, banks are coping with constant breaches, healthcare companies are under cyber attack and every energy and industrial companies are perpetually on guard from “advanced persistent threats” from foreign nations in search of critical intellectual property. This is the cost of doing business in the 21st century.

But for Hollywood, this growing phenomenon is starting to get personal. Hollywood is uniquely exposed because information is its primary product: scripts, contracts, dailies, VFX shots, trailers, masters and final cuts have all become digital. The productivity attained by this data going digital is enormous, but protecting it from its inception to delivery has become much more challenging.

The internet has given the entertainment industry so much — new distribution channels, wider access to customers, and the ability to move data at the speed of light to anyone in the world. It’s offered us communication apps that let an agent check in on ten clients at once, secure file sharing that enables a record producer to listen to the latest track on the road, and collaboration tools that put filmmakers located around the world virtually in the same place. But the internet also delivers a wealth of complexity to deal with.

And the collaborative nature of Hollywood makes security even more thorny. Given how information flows between multiple parties to complete any project, the responsibility to protect content is shared by everyone. The security of today’s systems and organizations is only as strong as the weakest link. Users with bad passwords, seemingly unimportant and compromised systems that connect to more important systems, and the broad network of external partners and contractors with varying security practices — all these factors invite opportunities for malicious activity.

This interconnectedness means there’s no simple solution. There’s no silver bullet — no single piece of software — that will secure and protect intellectual property.

Unfortunately, General Baringer’s response in “Wargames” to finding out they were locked out of the mainframe that controls its missile silos — “Just unplug the goddamn thing! Jesus Christ!” — won’t work either. Technology isn’t going anywhere, so we need to more intentionally incorporate it in everyday transactions. For agencies, studios, production companies and talent, security will have to become part of their culture and mindset. No longer can information security be treated as “someone else’s problem.” And the same processes that served the industry so well in the analog age will become its vulnerabilities in the digital age.

Better security “hygiene” (everything from the passwords we use, to apps we download, and information we share), investment in modernizing software and networks, and a cultural shift toward understanding and appreciating information technology will all have to occur to stay protected. Boards of directors should pay attention to IT and security practices as a form of governance, individuals should become more aware of the different threats the industry faces, and there should be a greater push to standardized approaches of sharing between parties.

While the entire world faces similar threats and challenges, few industries are as driven by its intellectual property as Hollywood. Whether it’s a nation-state trying to prevent the release of a movie or just a misplaced iPad with the latest tentpole script on it, security needs to be top of mind for Hollywood from here on out.

Comments