At the end of July, news broke that HBO had suffered a serious security breach. It was soon reported that hackers had managed to extract 1.5 terabytes of data from the network. To put this in context, this is 7 times more data than was stolen from Sony in 2014. The Sony breach had wide-reaching implications and led to the resignation of the company’s co-chairman, Amy Pascal. The HBO data breach is still unfolding, but it has become clear that the hack will have a financial impact on the company. For any other company, a data breach of this size could easily represent every file, email and document the company has ever created. It’s only because the HBO hack included audio and video recording that the volume of data is so vast.
For some people, this hack represents nothing more than a chance to get their hands on unaired episodes of their favourite TV shows a few weeks or months earlier. For HBO, it’s theft, not only of completed episodes but of concepts and ideas that might one day make them a lot of money. The emails and documents that the hacker group are threatening to release would likely make interesting reading for their competitors. A data breach of this kind is every company bosses worst nightmare, whether you make TV shows or garden sheds. So, what can other companies learn from the HBO hack?
Acknowledge the problem
With a data breach of this size, it would be difficult for HBO to keep it quiet for long. The handling of the breach from the top-level management was exemplary as the company issued a company-wide memo and statement acknowledging the breach as soon as the breach was confirmed. With the Sony breach, it took 7 days for the company to announce that the details of 77 million users had been stolen by hackers. When it comes to data breaches, a swift response is essential, not only to fix the problem but also to prevent further fallout from the associated PR nightmare.
Be careful what you type
Perhaps the most concerning aspect of the breach is the news that one HBO Executive’s personal details and entire email history had been made publically available. It isn’t yet known how this was made available, but all the signs seem to point towards this executive keeping sensitive information all in one place. We’re all guilty of scribbling down passwords or sending bank details back and forth via email. It’s important to understand that, while you may not create a folder titled “all of my personal information”, this can after be pieced together from various email threads in order to create a complete picture. If you wouldn’t want someone reading it over your shoulder, then don’t put it in writing, and certainly, don’t email it to anyone.
Learn from mistakes
Many experts in network security have been voicing their frustration that lessons weren’t learnt from the Sony hack. According to Fong Choong Fook, a former white hat hacker turned financial digital security consultant, he raises doubts that “the hacking activities were only confined to online hacking. There would have been sequences or combinations of internal corroboration and physical intrusions” He goes on to highlight the dangers of storing media content and Intellectual Properties on a network that is not properly protected by strong access controls and data encryption.
Hopefully, the HBO hack will encourage business owners to sit up and pay attention to their network security. In the past, we’ve written about how hackers rely on company bosses not speaking out as it helps them to fly under the radar. You might not be holding the secret ploline to the next Game of Thrones episode in your emails, but we’re sure that any business owner would agree that their trade secrets are just as important, so surely they are worth protecting? Get in touch today if you want to discuss your network security provisions.