Numerous Media Industry Vendors Take Their Time to Fix Critical Vulnerabilities
According to MDR and third-party risk management company BlueVoyant, a cybersecurity investigation of hundreds of media sector vendors revealed that many businesses take a long time to patch serious vulnerabilities.
Content leaks on torrent sites and dark web forums, disruptions to the routes used to transmit content to customers, and other disruptive attacks such as ransomware and denial of service (DoS) are just a few of the cybersecurity incidents that the media business encounters.
BlueVoyant examined nearly 500 vendors: 49 companies that provide content management, production, monetization, and distribution services to the majority of media organisations, and 436 companies that represent suppliers whose goods and services are frequently used but not standard across the whole sector.
Of all these businesses, 143 had what the security company refers to as “zero tolerance discoveries,” which are serious flaws in systems that are accessible via the internet and are frequently targeted by threat actors. About 30% of media vendors had one or more such vulnerabilities, which, according to BlueVoyant, is nearly twice as many as the multi-industry average it has seen across more than one million businesses.
Content management providers appear to be the most severely affected by the spread of these vulnerabilities, with half of these suppliers hosting vulnerable systems. The monetization area has the best system security, with less than 15% of its systems exposed to threats.
BlueVoyant gave the Confluence vulnerability identified as CVE-2022-26134 as an example. Early in June, Atlassian provided a fix, although malicious exploitation had already begun at least a week beforehand.
BlueVoyant discovered that eight of the monitored media industry vendors had yet to apply the patch six weeks after its release, even though this is a serious vulnerability that can be remotely exploited to take full control of the targeted system and cause serious problems for affected organisations.
“Media firms need to be aggressive when dealing with their suppliers and partners, especially in content management. Supply chain attacks are a frequent attack vector, and guarding against ecosystem vulnerabilities is essential to avoiding leaks, downtime, and manufacturing process interruptions,” according to a report by BlueVoyant.
Earlier this summer, the cybersecurity company examined 300 SMB subcontractors in the defence industrial base sector and discovered that many of them were vulnerable to attacks and that some of them had probably already been compromised.