Hackers recently claimed to have breached HBO’s systems and stolen 1.5 TB of data including upcoming episodes of Ballers and Room 104, Entertainment Weekly reports.
In response, HBO stated that an incident had “resulted in the compromise of proprietary information,” adding, “We immediately began investigating the incident and are working with law enforcement and outside cyber security firms.”
In an email to employees, HBO chairman and CEO Richard Plepler wrote, “I can assure you that senior leadership and our extraordinary technology team, along with outside experts, are working round the clock to protect our collective interests. The efforts across multiple departments have been nothing short of herculean.”
Protecting Key Data
AlertSec CEO Ebba Blitz told eSecurity Planet by email that the breach should serve as a clear reminder that hacking isn’t limited to financial, health and personal information.
“All information is vulnerable because some hackers are motivated by the thrill of it,” Blitz said. “They steal because they can, not because the information always has any real long-term value. All data needs to be protected with encryption.”
Gemalto CTO of data protection Jason Hart said by email that broadcasters in particular face a unique threat. “Due to the nature of the industry, hackers have the opportunity to access data as it is transmitted between multiple data centers, and so they require solutions to help encrypt their high value TV transmissions — without interfering with the audience’s viewing experience,” he said.
“HBO now joins a list of other Hollywood victims of crime such as Netflix and Sony,” Hart added. “This incident is another reminder that broadcasters must invest in fundamental security controls and practices — encryption, key management and two-factor authentication — to control access to highly sought-after content and protect it in the event that a breach takes place.”
Richard Stiennon, chief strategy officer at Blancco Technology Group, said the HBO breach is a great example of the importance of data governance. “Content producers and all the parties involved in shooting, editing and post-production processing and distribution should be on high alert,” he said. “They should immediately review their data governance policies and discover the weak links in protecting their content and shore up their defenses. An information governance policy should take into account where critical content resides at all times.”
Still, a recent Thycotic survey of over 400 global business and security executives found that four out of five companies don’t know where their sensitive data is located or how to secure it.
And while 80 percent of data breaches involve stolen or weak credentials, 60 percent of companies still don’t adequately protect privileged accounts. Two out of three companies don’t fully measure whether their disaster recovery will work as planned, and four out of five never measure the success of security training investments.
“It’s really astonishing to … see just how many people are failing at measuring the effectiveness of their cyber security and performance against best practices,” Thycotic chief security scientist Joseph Carson said in a statement.