The Importance of Effective Incident Response: the HBO Breach Expands

The hackers behind the recent breach at HBO have posted additional stolen data online, including Game of Thrones script summaries and several emails from an HBO executive’s inbox, according to the Hollywood Reporter.

In a video message sent to HBO CEO Richard Plepler, the hackers said, “We successfully breached into your huge network. … HBO was one of our difficult targets to deal with but we succeeded (it took about 6 months).”

The AP reports that the hackers demanded “our six-month salary in bitcoin” to stop leaking the stolen data, claiming they earn $12 million to $15 million a year from their attacks.

LogRhythm CTO and co-founder Chris Petersen told eSecurity Planet by email that the breach may usher in a new era of cyber extortion. “If HBO ponies up the ransom, it could embolden other cyber criminals to pursue similar avenues of attack and monetization,” he said.

“What HBO does in response to these latest demands could set a precedent with enormous global consequence for businesses having intellectual property as their lifeblood,” Petersen added.

Prevention and Response

In a statement provided to the Hollywood Reporter, an HBO spokesman said, “HBO believed that further leaks might emerge from this cyber incident when we confirmed it last week. As we said, the forensic review is ongoing.”

“While it has been reported that a number of emails have been made public, the review to date has not given us a reason to believe that our email system as a whole has been compromised,” the spokesman added. “We continue to work around the clock with outside cyber security firms and law enforcement to resolve the incident.”

SailPoint president and co-founder Kevin Cunningham told eSecurity Planet by email that the most important factors with regard to a breach like this are prevention, education, and incident response.

“When a breach does happen, it’s important to quickly find out how and why it occurred, assess the damage and required response, and put IT controls in place to address future attacks,” Cunningham said.

Measuring Incident Response

Still, a recent Demisto survey of more than 200 security professionals found that over 40 percent of organizations aren’t prepared to measure incident response, and just 14.5 percent are measuring mean time to respond (MTTR).

While 54 percent of respondents believe automating incident response would provide immediate benefits, just 10.9 percent have already done so.

“The key to effective incident response is having the right combination of people, technology and processes,” Demisto co-founder and vice president of marketing Rishi Bhargava said in a statement. “However, this study revealed that many organizations are far from having this right combination.”

Centrify senior director of products and marketing Corey Williams said the breach should serve as a reminder of how lax security and poor incident response can impact a company’s bottom line. “The stakes for properly securing access to corporate resources and handling security incidents couldn’t be higher,” he said.

“In the last three months, HBO’s revenues increased one percent to $1.5 billion,” Williams added. “AT&T also recently agreed to buy HBO’s parent company Time Warner. There’s a high possibility that this hack could have huge financial ramifications on both HBO’s revenues and the acquisition.”

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Top Cybersecurity Companies

Related articles