CLOUDSEC 2017: Game of Thrones Hack Tells Us IP Theft is Still a Major Risk

by Ross Dyer

It’s difficult to even discuss data breaches today without referencing the European General Data Protection Regulation (GDPR). With less than a year to go, it is a major area of focus for UK IT leaders keen to avoid mandatory breach notifications and potentially astronomical fines. Yet breaches aren’t all about the customer data governed by the GDPR, as HBO found out this week. Hackers have reportedly made off with 1.5TB of data from the US TV network, uploading a script from an upcoming Game of Thrones episode and two full episodes.

It’s a good example of why IP theft-related risk should be just as big a driver of improving cybersecurity as attacks targeting customer data. Fortunately, attendees at this year’s much anticipated CLOUDSEC event will have some great learning opportunities designed to help them bolster defences against just such attacks.

A growing problem
It’s unclear how they breached HBO, but Entertainment Weekly claimed that the hackers subsequently sent reporters an email with details of the attack on 30 July. The network confirmed the “compromise of proprietary information” which is said to include upcoming episodes Ballers and Room 104.

“The problem before us is unfortunately all too familiar in the world we now find ourselves a part of,” wrote CEO, Richard Plepler, in an email to staff.

He’s right there. As more and more firms go digital, there’ll simply be more opportunities for hackers to steal highly valuable content of this nature. Given the popularity of the show, Game of Thrones is obviously a major target for malicious third parties looking to generate revenue off the back of their efforts. But the same principle could extend to any sensitive content, from military designs to educational research. In fact, Verizon’s most recent Data Breach Investigations Report revealed public sector, professional services, education, and manufacturing sectors to be the biggest targets of cyber-espionage and IP theft. In manufacturing, it accounted for over 90% of attacks.

State-sponsored theft accounts for the vast majority (90%+) of such breaches, but financial rewards are an increasingly tempting lure for cybercriminals. Earlier this year, hackers tried to extort a ransom from Netflix before dumping 10 unseen episodes of hit show Orange is the New Black online. The bad news for HBO is that its attackers said there are more leaks to come.

CLOUDSEC here to help
Given the stakes today, it can be tough for IT security leaders tasked with protecting huge volumes of sensitive IP residing in their digital vaults. HBO reportedly required GoT actors to switch on two-factor authentication for their email accounts, and further reduced its attack surface by limiting the number of people who received scripts. Yet its failure to keep the hackers out highlights the acute challenges facing CIOs and CISOs.

Back by popular demand, CLOUDSEC 2017 is a one-day conference dedicated to providing IT leaders with the latest cyber defence strategies and intelligence on current threats. Industry leaders, government agencies, commercial organisations, professional associations, technology vendors, and cybersecurity professionals from across the globe will converge on London in September to share their industry-leading expertise.

Senior representatives from Microsoft Azure and Amazon Web Services will discuss protecting cloud workloads; our very own VP of Security Research, Rik Ferguson, will tackle IoT threats; and there’ll be contributions from the likes of Interpol and the FBI. There will also be a panel debate on incident response, and an opening session on how to balance “digital good” with “digital bad”, featuring Microsoft UK’s National Security Officer, Stuart Aston, BT Security’s President, Mark Hughes, and a senior representative from GCHQ.

Tickets are going fast, so to reserve yours, get in touch today.

What: CLOUDSEC 2017
When: Tuesday 5 September
Where: Park Plaza Westminster Bridge, London

 

Leave a Reply

Your email address will not be published. Required fields are marked *