(Note: this blog first appeared as an article in the newspaper, The Australian.) Early last week HBO suffered a massive cyberattack, with hackers stealing 1.5 terabytes of data from inside their network, including upcoming episodes of shows like Ballers and Room 104 and thousands of internal documents. But the crown jewel of the hack was the script to this past Sunday’s episode of the wildly popular HBO series, Game of Thrones. The network’s chairman and CEO Richard Plepler confirmed the hack and called the recovery efforts “nothing short of herculean,” but he also said something much more important, something that many people overlooked:
“The problem before us is unfortunately all too familiar in the world we now find ourselves a part of.”
Over the past decade, we’ve seen a significant evolution in the scale and sophistication of hacker organizations, along with the types of businesses that they target. Historically, hackers tended to go where the money was, primarily targeting banks, merchants, retailers and other organizations that directly handled financial information and transactions. But as these organizations improved their security standards and began locking down their systems, hackers started looking for easier targets whose assets were just as valuable.
In 2014, a group of hackers known as the “Guardians of Peace” infiltrated Sony Pictures and spent at least 2 months inside their network copying critical files, stealing up to 100 terabytes of data. The group demanded that Sony halt the release of the major motion picture The Interview, threatening terrorist attacks and causing Sony to cancel the film’s premiere and mainstream release. Just a few months ago, Netflix was hit by a ransomware attack from “thedarkoverlord” hacker group, which ultimately leaked an upcoming season of the hit show Orange Is The New Black. Even HBO is no stranger to these types of attacks, with the first four episodes of Season 5 of Game of Thrones leaking out to BitTorrent before the season premiere.
Where Are My Dragons?
The entertainment industry (along with most other enterprises) needs to update its security model to reflect the reality of the modern IT ecosystem. Many organizations still focus on perimeter defenses – firewalls, intrusion detection systems and Network Access Control. But perimeter defenses are only effective in protecting data inside the network. What happens if, as was the case with Sony, your network is compromised? And more importantly, how do you continue to protect the data once it leaves your network?
The good news is that all of the technologies needed to protect against these types of attacks are already available from companies like BlackBerry. Enterprise File Synchronization and Sharing solutions let you securely share encrypted files and control digital rights even after the files leave your network. Secure Communication solutions let you communicate with external parties over secure channels, be they email, text, phone or instant messaging. Unified Endpoint Management solutions let you centrally secure and control all of your IT endpoints, including desktops, laptops, mobile or even IoT devices. And finally, Cybersecurity Consulting services can help to assess your defenses, bringing “ethical hackers” into your environment to simulate a real-world attack.
If Game of Thrones has taught us anything, it’s that enemies will always try to find and exploit our biggest weaknesses, be they physical, mental or in this case digital. And just as in the hit HBO show, our goal isn’t to make our defenses impenetrable, it’s to make them strong enough that hackers (of both the axe and keyboard variety) simply move on to easier targets. In the end, enterprises and individuals who adopt this rational and economic approach to risk management will have the best chance to survive the digital winter.