Fans of the popular series Game Of Thrones had a good time looking for the recently leaked episodes ahead of the screening. Imagine if hackers managed to steal the entire Game of Thrones Season 7 episodes and put all of them up. Fans will be raving and studios will be fuming. Am sure they didn’t know how compromised their cyber security was until then.
HBO recently suffered a massive cyberattack, with hackers stealing 1.5 terabytes of data from inside its network, including upcoming episodes of shows such as Ballers and Room 104. But the crown jewel of the hack wasn’t even a video, it was the script to this Sunday’s episode of the wildly popular HBO series Game of Thrones. The network’s chairman and chief executive, Richard Plepler, confirmed the hack and called the recovery efforts “nothing short of herculean”.
He also said something more important, something that many people overlooked: “The problem before us is unfortunately all too familiar in the world we now find ourselves a part of.”
We often think of major data hacks as individual unrelated incidents, but when we step back and look at cybercrime as a whole, some very disturbing trends start to emerge. Last year alone, companies and individuals were targeted by an estimated 90 million cyberattacks globally — that’s more than 12 attacks per second. Just last month, Lloyd’s of London warned that a major global cyberattack could trigger more than $65 billion of economic losses. For comparison, the 1999 Sydney hailstorm — the most expensive natural disaster in Australian history — caused about $2.3bn in total damage.
Over the past decade, we’ve seen a significant evolution in the scale and sophistication of hacker organisations, along with the types of businesses they target. Historically, hackers tended to go where the money was, primarily targeting banks, merchants, retailers and other organisations that directly handled financial information and transactions, but as these organisations improved their security standards and began locking down their systems, hackers started looking for easier targets.
Trial by combat
With streaming services like Netflix and Hulu leading the way, the global entertainment industry is now worth about $2.7 trillion, equivalent to the combined value of the world’s top 10 banks. HBO by itself generates about $8bn in revenue, with Game of Thrones being its most popular series, it is no surprise that professional hacker groups are increasingly targeting major movie and television studios.
In 2014, a group of hackers known as the “Guardians of Peace” infiltrated Sony Pictures and spent at least two months inside its network copying critical files, stealing up to 100 terabytes of data. The group demanded that Sony halt the release of the major motion picture The Interview, threatening terrorist attacks and causing Sony to cancel the film’s premiere and mainstream release. Just a few months ago, Netflix was hit by a ransomware attack from “thedarkoverlord” hacker group, which ultimately leaked an upcoming season of Orange Is The New Black. Even HBO is no stranger to these types of attacks, with the first four episodes of season five of Game of Thrones leaking out to BitTorrent before the season premiere.
Where are dragons?
The entertainment industry needs to update its security model to reflect the reality of the modern IT ecosystem. Many organisations still focus on perimeter defences — firewalls, intrusion detection systems and network access control. But perimeter defences are only effective in protecting data inside the network. What happens if, as was the case with Sony, your network is compromised? And more importantly, how do you continue to protect the data once it leaves your network?
The good news is that all of the technologies needed to protect against these types of attacks are already available from companies like BlackBerry. Enterprise file synchronisation and sharing solutions are used by several entertainment companies to securely share encrypted files and control digital rights even after the files leave their network. Using secure communication solutions means it is safe to communicate with external parties over secure channels, be they email, text, phone or instant messaging. Unified endpoint management solutions are also key in centrally securing and controlling all IT endpoints, including desktops, laptops, mobiles or even IoT devices. And finally, cybersecurity consulting services can be used to assess an organisation’s defences, bringing “ethical hackers” into their environment to simulate a real-world attack.
If Game of Thrones has taught us anything, it’s that enemies will always try to find and exploit our biggest weaknesses, be they physical, mental or in this case digital. And just as in the hit HBO show, our goal isn’t to make our defences impenetrable, it’s to make them strong enough that hackers simply move on to easier targets. In the end, enterprises and individuals who adopt this approach to risk management will have the best chance to survive the digital winter.
The above article first appeared in The Australian on 8th August 2017 written by Alex Manea