The Entertainment Industry is the next spotlight blog in the Industry Sector series. Movie and television producers have long entertained the public with insider threat dramas such as Jurassic Park, Office Space, or the more recent Mr. Robot. These dramas showcase the magnitude of damage that can occur from incidents involving our assumed good, trusted employees. Yet as we discuss in this post, movie producers and the entertainment industry are not immune from experiencing such incidents.

According to a SelectUSA article, the Entertainment industry is expected to be valued at $830 billion by 2022. This sector poses a prized target for malicious actors. From areas such as music, film, video gaming, theater, and hospitality, there are multiple sub-sectors within the industry that require unique and individual attention for identifying insider threats and preventing insider incidents.

Of the 26 Entertainment malicious insider threat incidents in our case corpus, we identified 26 related victim organizations. Within the 26 Entertainment organizations, we identified 18 organizations classified as "Hotels, Amusement, Gambling, and Restaurants," and the remaining 8 are classified as "Content Publishers," such as media producers for TV and web services. Perhaps surprisingly, two of the subsectors under Entertainment did not have any recorded insider incidents: "Performing Arts and Spectator Sports" and "Art, Museums, and Historical Sites."

In addition to the 26 incidents where the organizations directly employed the insider, we identified 11 organizations involving a trusted business partner relationship (e.g., contractor or temporary employee).

Insider incidents in the Entertainment sector contain all three of the case types (fraud, IT sabotage, and theft of intellectual property [IP]) we used to analyze data in our Industry Sector blogs. The majority of the incidents affecting Entertainment organizations are fraud cases, occurring 61.5% across all incidents.

Given how few reported incidents involved IT sabotage or theft of IP, the following table focuses on the 5W1H (Who? What? When? Where? Why? How?) of fraud incidents. These calculations exclude instances where the data was unknown.

The majority of insider incidents in the Entertainment sector occurred due to fraud motivated by financial gain. These insiders were usually with the company for over five years, had access to accounts and data, and were full-time employees. With most of the insiders in trusted positions, they had the means and methods to commit their crimes with relative ease.

It's interesting that despite some of the insiders being employed in non-technical positions, two-thirds of them used skimming devices, a tool generally considered to be relatively technically sophisticated. In addition to using skimmers, the insiders tended to move their funds through wire transfers or they misused their access to move funds around.

We see many movies and TV shows that depict insider threat dramas; the industry is not immune to the consequences. We identified incidents of fraud, IP theft, and sabotage across the industry, including with content publishers.

Stay tuned for the next post, in which we feature Cross-Sector Analysis, or subscribe to a feed of the Insider Threat blog to be alerted when any new post is available. For more information about the CERT National Insider Threat Center, or to provide feedback, please contact insider-threat-feedback@cert.org.

Entries in the "Insider Threats Across Industry Sectors" series:

• Part 1: Insider Threat Incident Analysis by Sector
• Part 2: Classifying Industry Sectors: Our New Approach to an Industry Sector Taxonomy
• Part 3: Insider Threats in the Federal Government
• Part 4: Insider Threats in Finance and Insurance
• Part 5: Insider Threats in State and Local Government
• Part 6: Insider Threats in Information Technology
• Part 7: Insider Threats in Healthcare
• Part 8: Insider Threats in Entertainment