In a year that has been plagued by cyberattacks, HBO is just the latest high-profile victim.
Hackers targeting HBO recently stole up to 1.5 terabytes
of sensitive information, reportedly including a script for a future episode of “Game of Thrones.” In a recent article
, Mashable writer Jack Morse cleverly compared 1.5 terabytes to equivalents such as 694,444 floppy disks, 1.5 million square miles, and 375,000 compressed songs. No matter what comparison helps you understand the magnitude of the data stolen, it’s clear this breach is impactful.
Even as the hackers continue to leak or threaten to leak stolen information, the response from HBO has been forceful. And regardless of whether you’re an HBO fan, this attack requires your attention, too.
What Makes the HBO Hack Different?
In the wake of 2017 cyberattacks on hospitals and power plants, an attack on HBO might seem minor. But it has several unique features that reveal just how complex and uncertain the future of cybersecurity is.
First and foremost is how aggressively and specifically HBO was targeted. Recent attacks like Petra and WannaCry used a broader, more anonymous strategy to identify possible targets based on certain vulnerabilities. What those attacks lacked in sophistication, they made up for in scale. The HBO hack, by contrast, homed in on a single company and sought a very specific type of data, exhibiting not only greater attack sophistication but also a more refined extortion technique.
In this case, hackers stole HBO’s intellectual property (IP) — upcoming episodes and scripts, as well as emails — demonstrating the hacker’s understanding that a company’s IP is the single most valuable asset it has. We tend to think of hackers stealing credit card numbers or medical records for monetization on the “dark web,” but the most sensitive data is often unstructured data. While a television script isn’t the same as a credit card number, the potential financial gain from targeting more unstructured IP is something hackers are now exploiting. The attackers’ focus on HBO’s IP in unstructured data represents a noteworthy shift in monetization tactics — thieves are moving from broadly executed attacks, with relatively small ransoms, to targeted attacks for much larger sums.
Avoid Similar Cybersecurity Mistakes
Even if you’re not a major media company producing a hit TV show, your unstructured data and emails are an appealing target for hackers. Prevention is always the most effective form of cybersecurity, and the need to be proactive is more urgent than ever.
Here are several strategies to help you avoid falling prey to future attacks:
- Prioritize good governance. The HBO attack is being blamed on security issues inside one of the network’s contracted third-party production houses. A systematic approach to cybersecurity based on good governance — for both your business and your business partners — helps illuminate every possible vulnerability and resolve every possible exploit.
- Get rid of legacy systems. Older technologies were not designed with today’s security requirements in mind. These technologies are rife with vulnerabilities that are hard to spot and even harder to correct. Because there isn’t a fast, easy, or cheap way to resolve this problem, the only solution is to migrate to new systems entirely. At this point, outdated systems are only a liability.
- Migrate to the cloud. Effective cybersecurity requires sophisticated tools and ongoing maintenance to evolve with advancing threats. Migrating to the cloud is a simple solution because it allows your organization to upgrade its protection without burdening your IT team.
- Focus on unstructured data. Structured data, such as financial information, is subject to a number of security controls. Unstructured data, like IP, email, board presentations, and even customer information, is just as valuable, but it’s often left open to theft and attack. Devising a strategy to protect this data throughout the enterprise and incorporating advanced tools and expert insights does a lot to bolster your overall security strategy.
- Ironclad the inbox. The HBO attack reveals just how vulnerable the unstructured data in an email inbox really is. Plus, an inbox is one of the easiest ways to gain access to a larger network. Implementing an email security gateway that relies on a multi-layered approach provides an essential level of protection at all levels of your company. It also helps to minimize the consequences of common user errors.
The HBO hack isn’t a novelty. It’s just another confirmation that hackers have become more clever, tenacious, and unscrupulous than before. The only way to get ahead of the problem is to make protection an immediate priority.