The Cybersecurity Unit is tasked with information security management. It defines and organises actions in close coordination with the various departments in order to guarantee a secure environment for information and data processing relevant to management and production operations.
The scope of the cybersecurity support service extends to Group companies based on their nature , especially those with a shared technological infrastructure. It is managed and run on a centralised basis out of the technical departments of AtresmediaTech, TV and Radio Engineering in San Sebastián de los Reyes.
In order to guarantee the quality of the Group’s services and the security of its information, Atresmedia considers it essential to have a robust cybersecurity system in place. This is because there are currently several factors that could significantly affect the Company and its activities, most notably:
- Closely interrelated risk.
- Wide variety of threats (cybercrime, cyberactivisim, cyberterrorisim, etc).
- Wide-ranging and technoligically diverse connectivity.
- Complez and extensive organisations.
- Complex and diverse supply chain.
- Extensive and varied IT (Information Technology) and OT (Operations Technology) infrastructure.
- Emerging regulatory requirements.
Atresmedia also happens to have an IT Security Model specifically designed for the Group. The model is regularly reviewed and is able to continuously evolve in response to a highly complex and constantly changing context with regard to cyber threats and the Group’s new areas of activity. The main features of the model are as follows:
•It has an organisational model that involves the management bodies and senior management.
•It features resilient managed security, with controls focused on protection, detection and response.
•It covers the field of information technology (IT) and the digital environments of television and radio.
•It focuses on the core principles of security: confidentiality, integrity and uptime.
•It fosters co-operation with organisations that are benchmarks in the field of information security.
Atresmedia operates a corporate IT security policy that embodies and showcases its commitment to security, information and the systems that support this, all of which are considered strategic assets for the group
The IT Security Model is part of the broader Corporate Security Policy, which sets out the policies, standards and procedures that enable the relevant controls to be defined, implemented and monitored. The model is based on a process of continuous improvement and regular updates.
The security measures and technologies applied by Atresmedia are grouped into the concepts of protection, detection and response, each with its own scope, such as cloud, workstation, servers, storage and communications.
The model has a number of security features and requirements, most notably:
1. Cybersecurity support services, including:
- Technical security office.
- Continuous infrastructure monitoring process.
- Vulnerability analysis and management.
- Security Operations Centre (SOC), tasked with monitoring, early detection and incident management.
2. Registration Authority, meaning the registered and authorised authority responsible for issuing, overseeing and controlling digital certificates.
3. Incident management.
4. Geopolitical conflicts, which keeps close track of current international conflicts, such as the Russia-Ukraine war, reviews the risks to which Atresmedia is exposed when broadcasting opinions, and draws up action plans with the technical measures duly defined and implemented.
5. Cyber Guru, which provides a platform for phishing and smishing campaigns to improve employee awareness and training.
6. Digital surveillance, which includes the detection of external threats such as brand abuse, domain squatting, data leakage, identity theft and VIP profiles.
7. Cybersecurity policy, which covers technical, operational, legal, reputational and third-party damage.
In addition, cyber technology risks could have reputational or operational implications for Atresmedia Group. In strategic terms, cybersecurity is managed in a proactive, vigilant and resilient manner in a bid to add value across all levels of the organisation, paying close attention to all aspects related to brand reputation due to the potential impact of cybersecurity threats on the brand.
Artificial intelligence (AI)
Recent and emerging developments in the field of AI have generated considerable debate, information-sharing and uncertainty over its use and likely impact. For Atresmedia, AI is a tool that can bring innumerable benefits if used responsibly, on the clear understanding that if it is not managed properly it could carry certain unwanted dangers and risks.
The Group has analysed how best to incorporate different AI tools and their respective implications, in order to establish its vision and stance as a company with regard to their responsible use. Atresmedia has also made progress in defining an implementation plan based on the development of specific use cases that deliver competitive advantages and effective results both at an operational level for the different areas of the company and for the Group as a whole and the society in which it is present. Moreover, a Group-wide guideline has been drawn up on the limited and responsible use of AI applications in the professional environment, thus ensuring a consistent approach to AI throughout the Group. In order to adapt to this new environment, in December 2023 Atresmedia approved a new Policy on the Use of Artificial Intelligence and Related Technologies.
For all these reasons, and always taking this policy as a reference point to mitigate the possible associated risks, it is believed that the use of AI tools has huge potential in helping to further optimise the business and its processes. Atresmedia pays close attention to this policy when implementing AI tools in business and corporate areas, thus ensuring their proper use.