With cyber-crime costing the global economy in excess of $450 billion in 2016 alone, cyber hackers have built one impressive business model with the latest victim being Time Warner’s (NYSE:TWX) crown jewel: Home Box Office (HBO).
To lay the groundwork on this particular matter, it’s important for all to understand the true gravity of the breech. Specifically, when you hear that more than 1.5 terabytes of information was stolen that is equivalent to over five billion pages of data.
Now, they’re targeting never before seen episodes from flagship shows such as “Games of Thrones” (GOT) and “Ballers” just as AT&T (NYSE:T) seeks to close its $85 billion purchase of the premium cable channel, timing could not have been worse which begs the question: Why HBO and why now?
Being that content is king in the TV industry, especially for hit dramas like GOT, any disruption to programming could be quite costly as could the acquisition price if it is deemed they have failed to meet and maintain industry standards on cyber security. The caveat is the fact that extortion demands from executive emails or a ransom could still be coming, forthwith.
To look at the “how” is what remains of paramount importance. With that, it is imperative to understand that the vast amount of attacks, such as this, are born from within. With that said, is it possible that the hackers breeched the outer boundary of the HBO system? Yes, just not probable. To clarify, breaking through a firewall that a company such as Time Warner would have is next to impossible. The internet has over 65,000 ports and certain ones must remain open to allow for such things as internet browsers, which is where hackers would attempt entry. Still, very low probability. What most likely happened is they were compromised from within by either rogue employees or an advanced phishing campaign, which is my bet, being that it is the path of least resistance and carries the highest probability of success. Once in, they go horizontal throughout the organization, also referred to as “Island Hopping,” to remove data and or deploy advanced spyware code.
So, what needs to be done?
First, CEOs, corporate leaders and boards must embrace the fact that we are in the embryonic stages of a cyber war and they are all targets. The return on investment is magnanimous for the hacking community given the minimal risk and resistance they encounter compared to the various streams of revenue they will realize. Second, conducting holistic vulnerability assessments on the entire IT platform must be done on a yearly basis and budgeting for this is paramount, which is normally where most companies drop the ball. Remember, cheap IS expensive. Third, train your employees. Without question, the easiest and most inexpensive thing to do to prevent attacks such as this is the deployment of ongoing anti-phishing campaigns sent to employees to educate them on what messages to open and which ones to challenge. Unfortunately, very few companies embrace this measure leaving hackers, such as these, an easy job and Fortune 500 companies easy prey.
Paul is the author and lead editor for Jane's Publishing's book "Workplace Security” and Contributing Editor for Jane's. He is co-author of "Silent Safety – Best Practices for Protecting the Affluent”. He appears regularly on FOX Business as well as other national television and radio outlets.
Paul holds the distinction of Honorary Assistant Attorney General for the State of Louisiana. He holds a bachelor's degree in Criminal Justice, a Master of Public Administration, and a Ph.D. in Philosophy.