5 Lessons Learned From The 2017 HBO Hack

A summer dominated by Game of Thrones turned cold when a group of hackers stole 1.5 terabytes of data from HBO and started leaking spoilers & episodes.

August 22, 2017 by Alex Collins, IT Services Consultant

The Web is Dark and Full of Spoilers: Five Lessons from the HBO Hack

hbo-hack-game-of-thronesWinter came early. In late July, a summer dominated by the appointment television of Game of Thrones turned frigid when a group of hackers heisted 1.5 terabytes of data from HBO. Since the breach, they’ve been strategically leaking Game of Thrones spoilers and unaired episodes.

In the digital realms that superfans inhabit, from Reddit threads laden with elaborate theories to Twitter’s instant hot-take barrage, the secrets and surprises of GoT are a cottage industry. For many fans, that experience is now ruined, and for them and HBO alike, there’s a new villain to reckon with: hackers.

Breaking the news, The Hollywood Reporter called the breach “a sophisticated cyberattack that potentially compromised seven times the amount of data stolen in the Sony hack.” It’s huge—for the HBO brand, for the HBO brass, and for the showbiz industry writ large. The cache of data stolen may have included video, sound, emails, spreadsheets, financial documents, and employee or customer information.

In short, everything. Including the many moneymaking secrets of Game of Thrones.

What’s to stop a hack like this from happening to your business? The answer lies in your cybersecurity strategy. Learn these five lessons from the HBO hack to avoid your own version of a Hollywood cyber-heist.

Know Your Brand

What does one think of when one thinks of valuable corporate data? Consumer or stakeholder information—credit cards, passwords and routing numbers. Generally, that’s what hackers are looking for. But the HBO hack illuminates another vital data set: the first-party data, properties and tent poles and that uphold your brand.

For HBO, that's shows like Game of Thrones. It’s their ability to make audiences tune in, in droves, every Sunday night. It’s obsession over the show. It’s reaping accolades and awards. It’s association with producing, developing, and championing a great, unique, industry-changing product. It’s their secret sauce.

When that’s compromised—and it has been—the effects are far-reaching and wholly unpredictable. Even today, the fallout from the hack endures. The same would be true for any brand, from hospitals to law firms to e-commerce shops. If your secret sauce gets spilled, your brand craters. It's just as catastrophic as a consumer data dump.

Know Your Points

The Hollywood Reporter also suggests that the HBO hackers used multiple points of entry. What that means is, if your business is targeted, you’re vulnerable from a range of entry points, including:

  • An employee connecting to a network

  • An online printer connecting to a network

  • An employee using VPN while working remotely

If it’s connected to a network, it’s a point of entry. Hackers will scan and target your least secure connections.

Often though, the weakest points aren’t necessarily software, but rather the people who work for your business. Employees click, download, and visit dodgy links and phishing sites. They shouldn’t, but they do—human error is part of the cost of doing business.

Protect your business by educating your workforce. Overall education is the closest thing to a hacking panacea. Inform your personnel of best practices. Champion and mandate the latest and greatest in antivirus tech and malware patches. Empower your IT team to enforce password management. When the importance of security comes from the top down, compliance typically follows.

Know Your Targets

According to Variety, hackers leaked a senior HBO exec’s personal info, including banking data, leading to speculation that these hackers accessed the exec’s work email. If true, this would be consistent with conventional wisdom: powerful, influential employees are the biggest targets for a hack.

Employees’ public profiles make it easier for hackers to exploit them. Hackers can scrape employees’ social media accounts to figure out critical information—names of spouses and pets, birthplaces, et cetera—that they can use to crack passwords.

After all, many people use variations on that type of information for their password bases. And it follows, logically, that high-profile employees have access to sensitive, and thus lucrative, information. That’s why it’s essential to have a multilayered, comprehensive security plan: unified threat management, firewall monitoring and evaluation, testing, and patching.

Close Your Windows

DigitalTrends.com reports that the HBO hackers weren’t searching for specific shows. Instead, they were targeting computers running outdated Windows operating systems.

It’s not as if running Windows puts your company at risk; Windows 10 is robust and updated regularly. Many companies simply aren’t using the latest version. (Indeed, some HBO servers were still running Windows 7.) Large organizations face a difficult practical challenge: making sure all servers, and employee devices, are up to date. It’s way too easy for employees to fall a few days behind, or 30, or 60, on installing system updates.

But it’s crucial, because as the HBO incident shows, hackers are ready to pounce. Furthermore, Microsoft has outright stopped patching older operating systems. So the obvious safeguard to Windows hacking is this: the newer the Windows OS, the better.

Have a Backup Plan

When news of the hack broke, HBO claimed there was no ransom demand. Then, according to CNBC, they “offered $250,000 as a bounty payment to a hacker who stole TV show scripts.” Later, HBO claimed “it was just a delay tactic,” then that they “would not participate further with the hackers after first offering a $250,000 bounty,” as reported by the Guardian.

Here, the paucity of good options for HBO is obvious. Do they pay the ransom? Do they negotiate? Other organizations, like hospitals or e-commerce companies, face similarly dire choices in a breach, because they rely so much on data. Without real-time, on-demand data, the results are catastrophic.

The only true safeguard is to back up and mirror your data instantaneously. Redundancy will render any hand-wringing about hacking ransom moot. If your data is redundant, you can get right back up and running, even amid a hacking horror show.

Think through all the possibilities. What can you not afford to lose? What do you do if something gets hacked? Are your data centers redundant? Find answers, establish policies, and execute. With sound strategy, and the latest tech, you can sidestep the harsh spotlight of an HBO-style hack.