In early December 2020, news broke that software provider SolarWinds was the victim of “a highly sophisticated, targeted and manual supply chain attack by an outside nation state.” Because the attackers compromised the company’s signature product, Orion, the resulting breach affected hundreds of companies and government agencies, marking it as one of the most significant and damaging cyber-security attacks to date.
As an IT management software designer, SolarWinds plays a significant role in the infrastructure of many major companies and agencies. The Orion platform itself is well known for its wealth of integrations, simplifying administrators’ complex roles and unifying many different processes under one UI. Because of this, the hack proved devastating.
As an ever-increasing number of businesses are affected by the breach and many more look to understand how the attack was executed, it’s worth asking what this means for the media and entertainment industry. How do organizations protect their media supply chains when bad actors are eager to turn crucial software into a weapon, and what can you do right now?
Almost immediately after the SolarWinds attack, many companies were reminded once again to take a closer look at their own infrastructure and processes. Some scrambled to distance themselves from SolarWinds; others simply reacted by moving security to the top of their priority list.
While the details of the hack are still being investigated, allegedly the entry point is tied to FTP. In this case, it may have been a careless storing of an FTP server password, but it seems every time we learn about a new hack, the three letters F-T-P are always somewhere at the crime scene. Which begs the question, why are so many companies still relying on FTP when it can lead to gaping security holes? Despite being decades old, the protocol is one of the most common tools companies use to move content. It’s also, perhaps, their most common Achilles heel.
FTP replacement remains one of the top reasons so many companies turn to Signiant, a trend that’s only grown in the weeks since this last attack. As commonplace as FTP is, its popularity results from its legacy status rather than its effectiveness. In fact, FTP is often an ill-fitting solution to file transfer needs, particularly in M&E, and often proves to be a security risk.
This is why many production companies and broadcasters have taken to banning FTP from their supply chains entirely.
“In the large companies we hear from, their IT leaders have been pushing to replace FTP for years due to content supply chain security concerns,” wrote Signiant CMO Jon Finegold in 2019. Unfortunately, many managers worry that, because FTP is so deeply embedded in their workflows, extricating themselves from it and onboarding a new solution will take too much time.
Signiant addresses this for organizations, so it doesn’t have to be the case. Not only is stepping away from FTP for modern alternatives easier than they’d imagined, but the benefits of doing so, especially with regard to thwarting hackers, are beyond what they’d considered.
Replacing FTP with a modern solution has many benefits, including speed, reliability, ease of administration and more, but security is often the catalyst that has led so many media companies to retire FTP, and none regret that move.
The Nine Pitfalls of Relying on FTP to Move Large Media Files has more helpful information about the challenges of FTP and solutions to overcome them.