We recently held a media and broadcast cyber security event, co-sponsored by Deloitte and the Association for International Broadcasting, where leading figures from the cyber security world shared their thoughts on current challenges and solutions for the industry. The event was held under Chatham House rules, so I won't disclose or quote anything that was discussed, but I wanted to give you a flavour of the day and its focus.

It is clear that all organisations are starting to need to take consumer trust seriously on data security. There is a consensus that policies need to be put in place but with technological changes far outpacing regulatory change does this make policies obsolete before they are implemented?  Often the advice regulators can offer is not seen by the businesses to have the required detail to make a meaningful difference to firms' policies and system. It was on these crucial topics of data security that the conference was held: to examine ways organisations, and in particular media organisation, can fully realise threat levels and learn about some preventative measures.

Over the last few years there have been considerable attacks on major media organisations: the attacks on Sony, TV5Monde, Ashley Maddison, and others. These have caused damage and embarrassment for those involved. Concerns have now shifted from straight forward denial of services or outages, to data extraction, as exemplified by the Sony attack.

However, the threat may be wider. There has not yet been a major cyber terrorist attack that has caused physical destruction. We heard some real doomsday examples of what could be possible without effective cyber security – although terrorists' capacity is currently limited – such as if satellites were taken over. It was clear from the conference that GCHQ take these threats very seriously; they recently made headlines again this year for aggressive rather than a protective stance towards security.

Some of their biggest focus is on the threat faced to finance and media organisations. The service actively recommends protections; and of course they take even more effective measures for key areas of national security.

But what should be protected? Should we simply throw a firewall around all data? Of course not; to do so would be incredibly costly and not focus the right resources on the key data. The advice was simple: manage what is important to protect and not what is not worth the effort. Also, engage with Government in an honest way – they are there to help.

Further advice was provided too;

  • Attacks are sometimes inevitable, so you should prepare your reaction and make a contingency plan.
  • Human resistance is also a factor, as so many preventative measures against cyber attacks affect the day to day lives of workers.
  • Detection is key – someone will always get in – but organisations need to be able to detect attacks fast and respond swiftly.
  • Don't forget to educate. Ensure that your workers know of the dangers and are careful what they do, look at and the devices they use on an organisation's network. Some employees still rate cyber security and countermeasures as simply an IT issue – when in reality the World Economic Forum rates cyber risk as the number 2 business risk.

All in all it was a thoroughly interesting day, both in understanding the threat faced by big media and broadcast organisations, but in understanding how much organisations can do to protect themselves.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.