
Cyber Security: Mediaocean’s strategy for protecting people, process and systems

July 31, 2017

The May WannaCry attack and the June Petya attacks have received a great deal of news coverage, and advertising and ad-tech companies were among those severely disrupted by them. Agencies and software vendors that did not have a robust security program were particularly vulnerable, and some were hit very hard.

WannaCry and Petya are not isolated incidents, but rather well-publicized examples of a rapidly growing threat to global businesses. For years, these types of cyber-attacks have been on the upswing, and by 2021 cyber-crime damages could cost companies $6 trillion, with security measures exceeding $1 trillion. In this environment it is crucial to have a comprehensive program to deal with these threats.

Mediaocean has a well-established and comprehensive information security program that covers people, processes and systems and includes policies that reflect the organization’s commitment to information security. Our policies are applied globally and are focused on ensuring the confidentiality, integrity, and availability of our assets, including customers’ and business partners’ assets in our care. Any vendor that cannot demonstrate this same commitment is putting its customers at risk.

Any comprehensive program must cover people, process and systems.  This is how we think about it:

  • People
    • Human Resources are the most vulnerable part of any company when it comes to cyber-crime.
    • 100% of new Mediaocean employees receive comprehensive security awareness training during orientation.
    • 100% of employees are required to take annual security awareness update training.
    • All training is validated through a security awareness examination.
  • Processes
    • Security Incident Response Process (SIRP)
      • We have implemented a formalized Security Incident Response Process (SIRP) to ensure that any security incident is managed and reported consistently throughout the enterprise.
      • We also maintain an incident retainer with an outside firm for additional support should it ever be required.
    • Monitoring
      • Mediaocean subscribes to and monitors external resources, including Microsoft, McAfee, Red Hat advisories, OWASP, NIST, SANS, and DoD, to identify technological changes and security vulnerabilities and to assess their effect on internal systems.
    • Independent assessment of the information security program
      • For more details on Mediaocean’s information security controls, please request a copy of our briefing. Our controls are independently audited and SOC1 (SSAE18 / ISAE3402) and SOC2 Type 2 reports are available. The SOC2 report covers criteria for Security, Availability, Processing Integrity, and Confidentiality.
  • Systems
    • Mediaocean has rolled out a comprehensive Vulnerability and Patch Management program utilizing industry leading products.
      • Monthly and quarterly Patch Management checks verify that patches have been reviewed and critical patches have been installed.
      • Internal vulnerability scans and threat assessments against production systems run on a weekly basis.
      • External application penetration tests and security assessments are conducted annually.
      • Static code analysis is performed to verify we are not introducing vulnerabilities into our applications.
      • Code analysis checks are performed against all vulnerabilities in the OWASP top 10.
    • Endpoint Security
      • Mediaocean limits ports, protocols, and services over customer connections.
      • Endpoint protection for disk encryption and malware prevention uses industry leading products.
      • Spam and web content filtering solutions have been implemented to limit attack vectors onto the Mediaocean network.
      • We monitor suspect IP addresses and look for other indicators of compromise associated with malware.
    • Backup/Recovery/BCP&DRP
      • Mediaocean continuously verifies that critical systems, including our production application systems, and files always have backups.
      • We have implemented a comprehensive backup & recovery strategy.
      • We test our Business Continuity and Disaster Recovery program annually.

 

For more information on Mediaocean’s Cybersecurity program please contact your Strategic Account Director.