Game of Pwns: Security lessons from the HBO hack

Guest written by Alex Manea, Security Director, BlackBerry.

Early last week HBO suffered a massive cyberattack, with hackers stealing 1.5 terabytes of data from inside their network, including upcoming episodes of shows like Ballers and Room 104 and thousands of internal documents. But the crown jewel of the hack was the script to this past Sunday’s episode of the wildly popular HBO series, Game of Thrones. The network’s chairman and CEO Richard Plepler confirmed the hack and called the recovery efforts “nothing short of herculean,” but he also said something much more important, something that many people overlooked: “The problem before us is unfortunately all too familiar in the world we now find ourselves a part of.”

Winter Is Coming

We often think of major data hacks as individual unrelated incidents, but when we step back and look at cybercrime as a whole, some very disturbing trends start to emerge. Last year alone, companies and individuals were targeted by an estimated 90 million cyberattacks globally – that’s over 12 attacks per second. Just last month, Lloyd’s of London warned that a major global cyberattack could trigger over $50 billion of economic losses. For comparison, Hurricane Katrina – the costliest natural disaster in North American history – caused just over $100 billion in total damage.

Over the past decade, we’ve seen a significant evolution in the scale and sophistication of hacker organizations, along with the types of businesses that they target. Historically, hackers tended to go where the money was, primarily targeting banks, merchants, retailers and other organizations that directly handled financial information and transactions. But as these organizations improved their security standards and began locking down their systems, hackers started looking for easier targets whose assets were just as valuable.

Trial By Combat

With streaming services like Netflix and Hulu leading the way, the global entertainment industry is now worth around $2 trillion, equivalent to the combined value of the world’s top 10 banks. HBO by itself generates over $6 billion in revenue, with Game of Thrones as its most popular series, so it’s no surprise that professional hacker groups are increasingly targeting major movie and television studios.

In 2014, a group of hackers known as the “Guardians of Peace” infiltrated Sony Pictures and spent at least 2 months inside their network copying critical files, stealing up to 100 terabytes of data. The group demanded that Sony halt the release of the major motion picture The Interview, threatening terrorist attacks and causing Sony to cancel the film’s premiere and mainstream release. Just a few months ago, Netflix was hit by a ransomware attack from the “thedarkoverlord” hacker group, which ultimately leaked an upcoming season of the hit show Orange Is The New Black. Even HBO is no stranger to these types of attacks, with the first four episodes of Season 5 of Game of Thrones leaking out to BitTorrent before the season premiere.

Where Are My Dragons?

The entertainment industry (along with most other enterprises) needs to update its security model to reflect the reality of the modern IT ecosystem. Many organizations still focus on perimeter defenses – firewalls, intrusion detection systems and Network Access Control. But perimeter defenses are only effective in protecting data inside the network. What happens if, as was the case with Sony, your network is compromised? And more importantly, how do you continue to protect the data once it leaves your network?

The good news is that all of the technologies needed to protect against these types of attacks are already available from companies like BlackBerry. Enterprise File Synchronization and Sharing solutions let you securely share encrypted files and control digital rights even after the files leave your network. Secure Communication solutions let you communicate with external parties over secure channels, be they email, text, phone or instant messaging. Unified Endpoint Management solutions let you centrally secure and control all of your IT endpoints, including desktops, laptops, mobile or even IoT devices. And finally, Cybersecurity Consulting services can help to assess your defenses, bringing “ethical hackers” into your environment to simulate a real-world attack.

If Game of Thrones has taught us anything, it’s that enemies will always try to find and exploit our biggest weaknesses, be they physical, mental or in this case digital. And just as in the hit HBO show, our goal isn’t to make our defenses impenetrable, it’s to make them strong enough that hackers (of both the axe and keyboard variety) simply move on to easier targets. In the end, enterprises and individuals who adopt this rational and economic approach to risk management will have the best chance to survive the digital winter.
