When the company behind one of the most popular television shows of all time suffers a large-scale data breach, it has the effect of bringing cybersecurity to the forefront of the public’s mind.
HBO was recently the victim of a significant breach that led to 1.5 terabytes worth of data being exfiltrated from their network. This is a massive amount of data to be removed remotely and included media for upcoming episodes of the popular shows ‘Baller’ and ‘Room 104’ along with a variety of internal email correspondences and other important documentation. The crown jewel taken though however, was the script for an upcoming Game of Thrones episode, HBO’s flagship show.
A trend is developing that sees media companies such as HBO and Netflix becoming firmly set in cyber criminal’s crosshairs. There are several reasons that these types of organisations are now being targeted.
- Soft Target – They are an easier target compared to more traditional hacker targets – such as financial institutions and retail organisations. Organisations that directly handle financial information tend to have hardened their stance and improved their security making them a much harder proposition for hackers. Media organisations may not be as well prepared or may not have cyber-security as well engrained in their culture.
- Massive Revenues – With huge amounts of money at stake around the TV shows and films produced by media organisations they make a tempting target. Extortion and ransoming content (as attempted in the recent HBO breach) is a valid method of attack for hackers.
- Rabid Fanbase – The potential to have the fanbase of a popular show turn on the organisation is very real. If key plot points are spoilt the reputation of the organisation could be significantly damaged. This is another reason for media organisations to comply with the demands of hackers who have gained control of content.
There are a number of ways that organisations can protect themselves more effectively from hackers, although no defence will ever be perfect it is often enough to make it difficult for hackers so that they move on to another target or end up gaining access to information that is no longer relevant.
- Security Culture – Making sure that a security culture and awareness is fostered throughout the organisation will go a long way to mitigating social engineering issues that can be prevalent in large organisations. This is often the easiest way that a network is compromised.
- Testing – Seek the services of Security consultants who can perform ‘Ethical Hacking’ and penetration testing to test your organisation to find any vulnerabilities and areas that may have been overlooked.
- Encryption – Secure your internal documents. If a network is compromised and hackers are able to have access directly to company documents, one effective defence is having those documents secured through encryption. This will cause the attacker to have significant difficulties in gaining anything useful from the attack. This is especially true for media organisations who may gain enough time for the show or film to be released before it is leaked.
- Security Software/Devices – Implementing SIEM (Security Information and Event Management) software and similar security oriented software will help to notify you of suspect behaviour. As event in the HBO breach the attack was underway for a significant time. If the suspicious behaviour had been noticed than it is likely less data would have been stolen if any at all.
There are many other techniques and methods that can be used to mitigate cyberattacks, if you would like to learn more about Cyber-Security and protecting your organisation please contact the Agilent team for specialist advice.
The Agilent Team