The Media and Entertainment (M&E) industry is creative and as such is naturally adverse to things like European Directives. However, some directives cannot and should not be ignored.
European Union (EU) countries have until September 2024 to enforce the new “Network and Information Security” (NIS2) directive, which focuses on cybersecurity in areas such as cyber risk management, ransomware protection, penetration testing, incident response, and remediation.
Non-compliance with the directive can result in hefty fines, starting at 7 million euros or 1.4 percent of turnover, whichever is greater. Like GDPR, this directive uses a stick-and-no-carrot approach to compel organizations to take cybersecurity seriously or face severe consequences.
The directive lists “Digital infrastructure and IT services - DNS, name registries, trust services, data centers, cloud computing, electronic communication services, managed services and managed security services”. It also includes “Digital providers - online marketplaces, search engines, social platforms” as falling under the directive. Broadcasters and other organizations must determine their applicability based on industry verticals and size considerations, as authorities will not notify them.
While broadcasters and social platforms should heed this directive, the broader implication is that good cybersecurity practices should not require government mandates. Cybersecurity needs more investment from all companies, not just those directly affected by NIS2.
M&E is particularly vulnerable to cyberattacks from ransomware groups, hacktivists, and even foreign governments. The industry's valuable data sets are accessed by numerous applications, staff, and customers, increasing the risk of compromise without a well-thought-out IT strategy and sound IT purchasing decisions.
Perifery solutions offer a wealth of deep-level Cyber Resilience features built into their products, ranging from secure access controls to asset-locking mechanisms. These solutions provide protection at the API, monitoring, failover, and storage levels. Partnering with industry-focused providers that offer comprehensive cyber resilience tools allows M&E companies to quickly build solutions that address both current and future security needs, aligning with EU directives and global standards.