Industry Insights: Understanding today’s broadcast cybersecurity vulnerabilities
As broadcast operations continue their shift toward IP-based, cloud-connected and distributed workflows, cybersecurity risks have moved closer to the core of live production and playout.
Systems once isolated inside facilities now rely on software-driven networks, remote access and hybrid infrastructure that introduce new vulnerabilities alongside new capabilities.
In the first part of this three-part Industry Insights roundtable on cybersecurity, broadcast technology vendors and security specialists examine where the most common risks are emerging and how the threat landscape has evolved as broadcasters adopt IP, cloud and hybrid workflows. The discussion focuses on unmanaged devices, legacy systems, visibility gaps and architectural challenges that can expose live operations and high-value media assets if left unaddressed.
Key takeaways from this Industry Insights roundtable
- Expanded attack surface: IP-based and cloud-connected workflows exposed broadcast systems to enterprise-style cyber threats while increasing operational complexity.
- Legacy systems persist: Aging hardware, flat networks and proprietary devices continued to create vulnerabilities that modern IT tools do not always address.
- Visibility gaps grow: Distributed and hybrid environments made it harder to monitor device behavior, data movement and access across workflows.
- IT assumptions fall short: Traditional enterprise security models often failed to align with the timing-sensitive demands of live media production.
- Architecture matters: Many broadcasters began treating security as a foundational design requirement rather than a bolt-on control.
What are the most common cybersecurity vulnerabilities in today’s broadcast environments, and how are organizations addressing them?
Jamie Horner, SVP, corporate strategy, Providius: Unmanaged proprietary devices running non-standard operating systems and atypical network protocols remain the most common vulnerabilities in broadcast environments. Many networks are still flat and lack proper segmentation, making lateral movement easy once an endpoint is compromised. Addressing this requires continuous visibility and verification at the operational layer, not just IT-centric perimeter defenses.
Max Eisendrath, CEO and founder, Redflag AI: Broadcast environments often rely on outdated encoders, weak CDN configurations, and shared credentials that create points of compromise. Redflag helps close these gaps through embedded watermark telemetry and automated detection at the stream and delivery layers.
Crystal Pham, VP, operations and program management, TPN: The most common cybersecurity vulnerabilities today include application security gaps, improper firewall management, weak identity controls, unpatched software and third-party risk. Organizations are addressing these by adopting risk-based vulnerability management, proactive patch management, strengthening identity and access controls, and proactively managing third-party risk. Many are also aligning their programs with industry standards such as the MPA Content Security Best Practices and conducting TPN Assessments, which provide a structured and standardized way to identify gaps, understand compensating controls, assess third-party risk and drive continuous remediation across their broadcast and post-production operations.
Simon Parkinson, managing director, Dot Group: The shift to hybrid cloud and distributed workflows has created visibility gaps where sensitive media assets traverse multiple environments without centralized oversight. Broadcasters are addressing this through real-time monitoring solutions that track data access patterns and user activities across databases, cloud platforms and SaaS applications. The key is moving from reactive security to proactive protection, detecting anomalous behavior and automatically intervening before sensitive content is exposed.
Stephan Würmlin Stadler, VP, product, Appear: Broadcast environments face growing risks as legacy, on-premise systems intersect with increasingly IP-native and cloud-connected workflows. This creates gaps where misconfigured devices, poor segmentation and non-media-aware firewalls leave both live and file-based content exposed. Broadcasters are responding by strengthening protections at the network edge, deploying media-specific firewalls, encrypting content as it moves, and locking down both the data and control planes through stronger authentication and tighter access control to prevent unauthorized access and stream tampering.
Michael Benda, chief security officer, Big Blue Marble: Broadcasters today face vulnerabilities rooted in legacy technology, weak identity controls, insufficient network segmentation, misconfigured cloud environments and limited monitoring of production systems. To mitigate these risks, many organizations are adopting zero-trust architectures, segmenting corporate, production, playout and cloud environments, and enforcing strong identity measures such as SSO, MFA and role-based access control with dedicated privileged accounts for critical systems. They are also investing in centralized logging, SIEM and endpoint detection and response (EDR) tuned to broadcast workflows, often within an ISO 27001- and NIS2-aligned security framework.
Sergio Ammirata, Ph.D., founder and chief scientist, SipRadius: The biggest vulnerabilities are not in the encryption at all, they are in the devices that sit quietly in the chain with unpatched operating systems, forgotten backdoors, or passwords stored in clear text. Broadcasters often assume a workflow is secure because the stream is encrypted, while completely ignoring the hardware and virtual machines that handle it. The organizations making real progress are the ones treating every device, switch, and relay as a potential entry point and verifying each one instead of trusting labels like “secure.”
How has the shift toward IP-based and cloud-connected workflows changed the threat landscape for broadcasters?
Jamie Horner, SVP, corporate strategy, Providius: The move to IP and cloud workflows has expanded the attack surface from isolated baseband systems to interconnected, software-driven environments. Broadcasters now face the same exposure as enterprise IT, but with real-time, latency-sensitive systems that can’t tolerate disruptive security tools. This shift requires operational defense, continuous verification of device behavior, and network trust, all without disrupting live production traffic or control.
Max Eisendrath, CEO and founder, Redflag AI: As broadcasters move to IP-based and cloud-connected workflows, the attack surface now includes APIs, virtualized routers, and remote management consoles. Redflag’s watermark and monitoring stack secures these distributed networks by linking every feed to a verifiable identity.
Crystal Pham, VP, operations and program management, TPN: The shift to IP-based and cloud-connected workflows has greatly expanded the attack surface, as more systems, devices, and data are now accessible over the internet, which exposes organizations to new risks like cloud misconfiguration, API vulnerabilities, third-party supply-chain attacks, and unsecure remote connections. To address this, broadcasters are adopting a combination of modern security approaches: strengthening identity and access governance, implementing robust cloud-native controls, improving network segmentation, and enforcing secure configuration management. Continuous monitoring, endpoint protection, and regular vulnerability scanning also play a critical role.
Simon Parkinson, managing director, Dot Group: IP-based workflows have fundamentally expanded the attack surface, with data now moving across networks that were never designed with broadcast-grade security in mind. The traditional perimeter has dissolved, meaning broadcasters must secure data in transit with robust encryption whilst maintaining comprehensive audit trails of who accessed what content and when. This requires solutions that understand both the speed requirements of broadcast operations and the security demands of protecting high-value intellectual property.
Ned Pyle, enterprise storage technical officer, Tuxera: IP-based workflows expose port 445 to networks that traditionally blocked it — the internet, DMZs, and cloud tenant boundaries. This creates two problems: security teams blocking access entirely, or organizations accepting unnecessary risk to maintain productivity. SMB over QUIC solves both by tunneling file sharing through UDP/443, the same port as HTTPS, making hybrid cloud deployments and edge connectivity architecturally simple whilst maintaining enterprise-grade security standards that wouldn’t be acceptable with traditional TCP-based approaches.
Stephan Würmlin Stadler, VP, product, Appear: Full IP and cloud production has transformed broadcasting from a closed, predictable ecosystem into one in which content and control traffic traverse multiple networks and geographies. That expanded attack surface means even minor misconfigurations or weak boundaries can disrupt live workflows or expose high-value assets. As a result, broadcasters are now treating security as a core architectural requirement, creating strict trust boundaries, authenticating every flow, and relying on real-time, media-aware firewalling instead of retrofitted and generic IT security tools.
Michael Benda, chief security officer, Big Blue Marble: The transition from closed SDI infrastructures to IP-based and cloud-connected workflows has fundamentally reshaped broadcasters’ exposure to cyber risk. Production and playout networks built on standards such as SMPTE ST 2110 now face classic network threats — from stream hijacking and tampering to denial-of-service attacks — while cloud-hosted editing, storage and distribution, combined with remote and distributed production, increase the attack surface through misconfiguration, exposed APIs and unmanaged endpoints. At the same time, IP and cloud enable stronger controls such as fine-grained access, detailed logging and automated configuration checks, so more broadcasters are embracing security-by-design and embedding these protections from the start of new projects.
Damien Sterkers, VP, products and solutions marketing, Broadpeak: A major axis of development for video processing and delivery systems is the addition of dynamic access to advanced cloud resources managed by specialized external companies, on top of the fundamental system functions. Adopting a cloud service approach enables fast and flexible testing and deployment of complex value-added features. This allows streaming service operators to focus on their core business without having to worry about initial investment, risks or time-to-market pressures.
Sergio Ammirata, Ph.D., founder and chief scientist, SipRadius: Moving timing, routing, comms, and content onto public or semi-public networks has brought broadcasters into the same threat profile as any enterprise that handles high-value data. A single encoder left unprotected on a remote site, or a VM running an outdated Linux OS, now becomes a doorway into an entire production chain. The shift has expanded the threat surface far beyond the old machine room, and attackers know it.
What are the most common issues you see in the broadcast and media sector?
Jamie Horner, SVP, corporate strategy, Providius: The most common issues are unmanaged devices, flat network designs, and limited visibility into how equipment behaves on the wire. Many organizations still rely on traditional IT assumptions that don’t apply to real-time, timing-sensitive media systems, leaving operational risks undetected. Without continuous verification of device integrity and network trust, minor faults or misconfigurations turn into service-impacting incidents.
Max Eisendrath, CEO and founder, Redflag AI: The sector still struggles with unencrypted contribution links, unmanaged restreaming, and limited visibility across social platforms. Unified watermarking, monitoring, and takedown workflows provide the transparency broadcasters need to stay ahead of leaks.
Stephan Würmlin Stadler, VP, product, Appear: One of the most persistent challenges is the reliance on aging systems and generic IT security tools that were never designed for the demands of live media. This mismatch creates vulnerabilities around flow control, redundancy and timing, areas in which even small failures can take a service off air. Many organizations also struggle with fragmented security models, with different sites or cloud partners enforcing inconsistent policies.
Michael Benda, chief security officer, Big Blue Marble: A recurring challenge is the perception that cybersecurity is an “IT issue” rather than a direct broadcast risk, so many organizations still underestimate how incidents can disrupt live programming, compromise content integrity or damage audience trust. Legacy studio and playout technologies running on outdated or proprietary platforms with limited hardening options, combined with fragmented governance across engineering, editorial, IT and product teams, create gaps in oversight and inconsistent security practices. Although broadcasters operate around the clock, security monitoring and incident response capabilities do not always match that 24/7 requirement, leaving critical media workflows under-monitored.
Sergio Ammirata, Ph.D., founder and chief scientist, SipRadius: One of the biggest issues is that many organizations still depend on large public cloud platforms and assume those services will always be available, even as we have seen major outages bring entire operations to a halt. Broadcast workflows cannot afford that level of dependency, especially when timing, contribution, and playout all rely on uninterrupted connectivity. More companies are now recognizing that private cloud gives them the ability to control their own infrastructure, guarantee stability, and keep critical operations running regardless of what happens elsewhere on the internet.



