3 min read

Why cyber-criminals are so interested in VFX and how to stop them

8 October 2020

The security risks to the VFX industry are very real, and you need outstanding cyber security. Hollywood blockbusters and popular TV shows represent millions of dollars of content and key to achieving a return on that investment is releasing the content at the desired time. When leaks occur, they reduce the value of the product – a loss that studios are loathe to bear. For cyber criminals, content is just another type of valuable data, one they are happy to extort.

[If you work in VFX, read our insight on how Covid-19 changed the industry]

Cyber attack on VFX studio without cyber security

Typical threats to the VFX industry include:

  • Malware used to steal content and leak it online
  • Ransomware used to extort money from victims with the threat of leaking content
  • DOS and DDOS attacks used in a similar way. Victims must pay to regain access to their systems

How does this happen?

In an industry that utilises such sophisticated technology, how is it that attacks like this can happen to you? Unfortunately, having access to vast processing power does not protect you from the vulnerabilities that are typical across all industries:

  • Poor cyber hygiene – Bad computing habits like reusing passwords, not running software patches and leaving unused ports open all create vulnerabilities that cyber criminals can exploit.
  • Insufficient security measures – Cyber security software is continuously evolving along with the threat. Running old DDOS protection or failing to secure files with multi-factor authentication leaves you open to attack.
  • Social engineering – Highly targeted spam emails and phone calls (known as spear phishing) can be difficult to defend against if staff are not thoroughly trained on what to expect. Once a cyber-criminal gains the information needed to access your system, they can run amuck with your content.

Limiting risk in the office

You are likely well aware of these threats; in the UK, a collective of industry leaders worked together on a project in 2016-17 to create an open source toolkit and specifications for monitoring traffic in and out of facilities. It’s not a complete fix, but it’s a good start.

Meanwhile, it is common for production houses to insist on high levels of security within your studio, such as restricting workspaces for particular projects, installing cameras to monitor people coming and going, and ensuring that physical security is at the highest level. These requirements are one of the reasons why VFX work has usually been office-based – it was thought to be impossible to impose such strict measures on home workers and remote-access systems. Of course, six months on, we know better...

How does remote working complicate this picture and what can you do about it?

With the pandemic shifting the goal posts somewhat, we are now in a situation where most VFX workers in the UK are working from home. This has the potential to increase cyber security risks if your IT isn’t updated to factor this in. Let’s look at what might go wrong and how you can minimise the risks:

Risk #1: A greater chance of data leaving the secure network

The solution: Remote desktop solutions enable you to stay working on the same machine with the normal security measures, wherever you are, though additional permissions may be needed to prevent data from being copied or downloaded.

Risk #2: Reduced physical security

The solution: Simple things like ensuring that the home ‘office’ is not overlooked, locking computers away when not in use, extending NDAs to other members of the household can all boost physical security.

Risk #3: No oversight on colleagues

The solution: Regular training and continuous reminders about cyber security can help keep it foremost in mind to prevent accidental breaches. While regular video calls with staff can enable you to spot an unhappy employee who might present a security risk.

Risk #4: Stress and distraction of the home environment

The solution: It’s easy to make poor decisions when your mind isn’t on the job. The support of colleagues will make a big difference in reducing stress levels and helping people feel like they have the time to do things properly.

How a data centre could boost your security, even if you go back to the office

Even if you’re planning on keeping your office, you can easily boost your security by moving some of your systems off-site. Moving servers to a data centre provides comprehensive physical security and cutting-edge cyber security solutions. Servers are under guard 24/7/365, ensuring only pre-approved access. Meanwhile cybersecurity services, such as vulnerability scanning and DDoS mitigation, are regularly upgraded to keep up with attackers and minimise the risk of attack. They can also advise on other measures to increase the safety of your data, like how to get the best from a remote IT setup.

How to look after your security long-term

Cyber security is a real threat – but most hackers are opportunists. The best thing you can do is not give them an opportunity, especially if you’re planning on remote working long-term. Implement best practice cyber hygiene, maximise security standards by using the best available software and hardware (including antivirus, DDOS protection, firewalls), and support your colleagues to follow protocols. No one can totally eliminate the threat, but you can ensure you are primed to respond – even from home – with the proper tools and procedures.

You can also add in an extra layer of protection by moving some (or all) of your system to a data centre, who can provide top-level cyber and physical security, as well as secure the remote connections to your system. They also provide a host of other benefits that reduce downtime and hassle for your engineers.

Remote working guide - 20 tips for your company's IT