Late in 2024, a major cyber attack made headlines as foreign actors compromised ISPs and other infrastructure operated by nine U.S. telecommunications companies. Not long after these attacks came to light, reports surfaced that major streaming networks like Netflix and Amazon Prime Video were home to almost six million accounts that were compromised as a result of malware, social engineering attacks, or some combination of both. Even popular video games aren’t exempt from cyber attacks, whether they’re the target or just the way in for bad actors using tactics like phishing.
While these threats are both unprecedented and escalating, tech leaders in the media, entertainment, and communications industries don't need to face them alone — or break the bank to do so. By implementing zero-trust architecture and strategically deploying AI, as well as leveraging DevSecOps best practices, they can elevate their cybersecurity functions from a largely reactive force to a proactive one.
Implement Zero-trust Architecture as a First Line of Defense
Zero-trust architecture is fast becoming the standard for most industries, but implementing it remains just over the horizon for many major media, entertainment, and communications organizations. In fact, a 2024 study found that CISOs in media and information services ranked zero-trust architecture tenth on their list of overall priorities, while CISOs from all other industries ranked it fourth, on average.
But for an industry like media and entertainment, in which remote work is now commonplace, large files are frequently shared internally during the production process, and consumers’ personal and financial data are often stored with varying degrees of security, zero-trust architecture can be a bulwark against bad actors. Netflix, for example, now requires its partners to maintain zero-trust architecture and industry-standard perimeter protection across their networks.
Telecommunications companies, too, are still behind the proverbial eight ball when it comes to strategies like zero-trust architecture. In fact, researchers from Florida State University identified “119 vulnerabilities in LTE/5G core infrastructure, each of which can result in persistent denial of cell service to an entire metropolitan area or city and some of which can be used to remotely compromise and access the cellular core.” While these vulnerabilities wouldn’t be mitigated by zero trust alone, organizations that implement it will be much less likely to suffer the kind of breaches that lead to service outages and customer information leaks.
Industry Insights: Cybersecurity in Media, Entertainment, Communications and Telecommunications
Our 2025 Technology Leadership Pulse Survey found that tech leaders from the media, entertainment, and communications industries more or less align with their peers in other industries when it comes to cybersecurity priorities and investments — with a few key differences.
- Leaders in the media, entertainment, and communications sectors are more than twice as likely as their peers in all other industries to cope with smaller cybersecurity budgets. Almost 29% of tech leaders in these sectors said cybersecurity spending accounts for just 5-7% of their overall IT budget, compared to around 15% of all others who said the same.
- Organizations in the media, entertainment, and communications space are less likely than all others to say they’re investing in managed security services. Instead, they’re spending slightly more than average on identity and access management (IAM) and threat intelligence platforms.
- Just 10% of leaders from companies in this sector said they’re focused on enhancing cybersecurity, compared to 15% of those from all other industries. Instead, they’re focused on Implementing AI, improving processes, developing new products, and reducing costs.
Deploy AI to Detect and Combat Emerging Threats
While many tech leaders have struggled to find worthwhile use cases for AI to date, cybersecurity presents one of the clearest opportunities for deploying machine-learning-powered solutions. In fact, 17 of the top 32 security providers are already deploying AI use cases, and that number is likely to grow substantially over the coming years.
Leading AI-powered cybersecurity solutions offer the ability to ingest reams of data — systems logs, network traffic, user actions, and more — then analyze patterns, detect anomalies, and render real-time alerts. This can deliver far greater network and user surveillance than any existing team of cybersecurity professionals could possibly achieve — potentially reducing cybersecurity teams’ manual workload by up to 60%.
While no AI solution will replace a team of skilled and dedicated cybersecurity professionals, it can augment their efforts, enabling them to detect and respond to more threats with fewer resources. In today’s era of shrinking technology budgets, that’s a selling point few tech leaders in any industry can overlook.
Become Proactive — Not Reactive — by Leveraging DevSecOps
Clearly, the threat landscape in media, entertainment, and telecommunications is changing and evolving faster than ever. Organizations need to leverage every tool at their disposal to anticipate threats and security challenges at every stage of the development process. This is where DevOps and DevSecOps can add tremendous value. While DevOps merges software development (Dev) and operations (Ops) to shorten development cycles and increase agility, DevSecOps makes security (Sec) a focal point of the dev process from the start, rather than as an afterthought to be addressed after deployment.
The value of DevSecOps may seem obvious, especially given the scope of threats organizations in the industry face today. But GitLabs’ 2024 Global DevSecOps Survey found that 64% of DevSecOps professionals in the telecom industry said that they had: “a difficult time getting the development team to prioritize remediation of vulnerabilities, compared to 59% across all industries.”
Clearly, some telecom providers have some catching up to do.
On the media and entertainment side, Netflix provides a powerful case study for the value of DevSecOps. The streaming giant once blazed a trail by using DevOps to great effect, enabling its AWS-powered global infrastructure to handle massive surges in streaming viewers. Now, Netflix leverages DevSecOps to keep that same network secure and to anticipate threats before they arise by baking threat modelling, code analysis, vulnerability testing, and more into the dev process from end to end.
Takeaways for Tech Leaders
Organizations in the media, entertainment, and communications sectors face threats that are growing in scope and velocity, ranging from AI-powered attacks to surgical strikes on key infrastructure. To protect their customers, their data, and their brands, companies in the space will have to use every tool and process available, ranging from DevSecOps to AI-powered vendor solutions to more fundamental approaches, like implementing zero-trust architecture.
But as new threats emerge and bad actors become emboldened by greater access to more powerful AI tools, complacency may prove to be just as dangerous as the threats themselves. After all, there’s no such thing as “done” when it comes to cybersecurity — and there likely never will be.
Ready to learn more about the latest in cybersecurity, AI, tech talent, operational efficiency and more? Visit our resources page today to stay up to date on the latest developments and insights.