icon-carat-right menu search cmu-wordmark

Insider Threats in Entertainment (Part 8 of 9: Insider Threats Across Industry Sectors)

Mark Dandrea Headshot of Carrie Gardner
PUBLISHED IN
Insider Threat
CITE

The Entertainment Industry is the next spotlight blog in the Industry Sector series. Movie and television producers have long entertained the public with insider threat dramas such as Jurassic Park, Office Space, or the more recent Mr. Robot. These dramas showcase the magnitude of damage that can occur from incidents involving our assumed good, trusted employees. Yet as we discuss in this post, movie producers and the entertainment industry are not immune from experiencing such incidents.

According to a SelectUSA article, the Entertainment industry is expected to be valued at $830 billion by 2022. This sector poses a prized target for malicious actors. From areas such as music, film, video gaming, theater, and hospitality, there are multiple sub-sectors within the industry that require unique and individual attention for identifying insider threats and preventing insider incidents.

Of the 26 Entertainment malicious insider threat incidents in our case corpus, we identified 26 related victim organizations. Within the 26 Entertainment organizations, we identified 18 organizations classified as "Hotels, Amusement, Gambling, and Restaurants," and the remaining 8 are classified as "Content Publishers," such as media producers for TV and web services. Perhaps surprisingly, two of the subsectors under Entertainment did not have any recorded insider incidents: "Performing Arts and Spectator Sports" and "Art, Museums, and Historical Sites."

Bar chart illustrating types of entertainment organizations impacted by insider threat incidents and the number of organizations that were victims.

In addition to the 26 incidents where the organizations directly employed the insider, we identified 11 organizations involving a trusted business partner relationship (e.g., contractor or temporary employee).

Pie chart illustrating the victim organization's relationship to the insider. 30% were trusted business partners, and 70% were permanent employees.

Sector Overview

Insider incidents in the Entertainment sector contain all three of the case types (fraud, IT sabotage, and theft of intellectual property [IP]) we used to analyze data in our Industry Sector blogs. The majority of the incidents affecting Entertainment organizations are fraud cases, occurring 61.5% across all incidents.

Bar chart illustrating the type of insider incident and the number of incidents per case type.

Sector Characteristics

Given how few reported incidents involved IT sabotage or theft of IP, the following table focuses on the 5W1H (Who? What? When? Where? Why? How?) of fraud incidents. These calculations exclude instances where the data was unknown.

Infographic outlining the Who, What, When, Where, How, and Why of insider fraud incidents in the entertainment sector.

Analysis

The majority of insider incidents in the Entertainment sector occurred due to fraud motivated by financial gain. These insiders were usually with the company for over five years, had access to accounts and data, and were full-time employees. With most of the insiders in trusted positions, they had the means and methods to commit their crimes with relative ease.

It's interesting that despite some of the insiders being employed in non-technical positions, two-thirds of them used skimming devices, a tool generally considered to be relatively technically sophisticated. In addition to using skimmers, the insiders tended to move their funds through wire transfers or they misused their access to move funds around.

Final Thoughts

We see many movies and TV shows that depict insider threat dramas; the industry is not immune to the consequences. We identified incidents of fraud, IP theft, and sabotage across the industry, including with content publishers.

Stay tuned for the next post, in which we feature Cross-Sector Analysis, or subscribe to a feed of the Insider Threat blog to be alerted when any new post is available. For more information about the CERT National Insider Threat Center, or to provide feedback, please contact insider-threat-feedback@cert.org.

Entries in the "Insider Threats Across Industry Sectors" series:

Get updates on our latest work.

Each week, our researchers write about the latest in software engineering, cybersecurity and artificial intelligence. Sign up to get the latest post sent to your inbox the day it's published.

Subscribe Get our RSS feed