GDPR:Report – HBO has suffers a “cyber incident” leaking a Game of Thrones episode

03AugAugust 4, 2017 By Jason Hart

gdprreport-logog HBO was victim to a “cyber incident”, which has resulted in the theft of a Game of Thrones episode and other data.

On Tuesday anonymous hackers leaked HBO data to the website “winter-leaks.com” however it was inaccessible by Wednesday. The hackers claimed to have stolen 1.5 terabytes of data from the network’s servers.

Jason Hart, CTO, Data Protection at Gemalto and former ethical hacker said on the incident:

“Broadcasters face a unique threat. Due to the nature of the industry, hackers have the opportunity to access data as it is transmitted between multiple data centres, and so they require solutions to help encrypt their high-value TV transmissions – without interfering with the audience’s viewing experience. These specialised solutions, such as high-speed encryption, will help ensure that broadcasters are protecting their IP in an age of increased piracy and data theft.

“HBO now joins a list of other Hollywood victims of crime such as Netflix and Sony. This incident is another reminder that broadcasters must invest in fundamental security controls and practises – encryption, key management and two-factor authentication – to control access to highly sought-after content and protect it in the event that a breach takes place.”

To read the full article click here.

eSecurity Planet – HBO Hack Highlights Importance of Encryption, Data Governance

02AugAugust 4, 2017 By Jason Hart

esp_logo 1.5 TB of data, including unreleased episodes of upcoming shows, was stolen and leaked online.

Gemalto CTO of data protection Jason Hart said by email that broadcasters in particular face a unique threat. “Due to the nature of the industry, hackers have the opportunity to access data as it is transmitted between multiple data centers, and so they require solutions to help encrypt their high value TV transmissions — without interfering with the audience’s viewing experience,” he said.

“HBO now joins a list of other Hollywood victims of crime such as Netflix and Sony,” Hart added. “This incident is another reminder that broadcasters must invest in fundamental security controls and practices — encryption, key management and two-factor authentication — to control access to highly sought-after content and protect it in the event that a breach takes place.”

To read the full article click here.

Game of Threats: It’s Time for a New Data Security Script

01AugJanuary 30, 2018 By Jason Hart

This data breach comes just as HBO has released the seventh series of Game of Thrones. For the first six seasons, it’s been somewhat easy to predict what might happen because readers of George R. R. Martin’s books knew the general storyline. Season seven is different. There’s no book to provide a script. This time around, viewers are all flying blind – with the exception of a few clues that may foreshadow the events of this new season. (Of course, this could now change because of the breach, but .)

This is kind of how IT and security teams find themselves today when it comes to protecting their data and networks from hackers and other threats. It’s a new Game of Threats and there’s no script to follow. There’s so much data to defend, the attack surfaces have increased and the threat vectors are too large to stay on top of. Security teams can no longer rely on what traditional strategies have told them in order to predict how best to defend their networks and what is most critical – their data. The script they have followed –breach prevention – is a thing of the past just like medieval history and the dodo bird.

Much like the castles of Dragonstone, Riverrun and Winterfell that were built to protect the great houses in the Game of Thrones, today’s security teams continue to rely on defending the perimeter as the foundation of their strategy. Build walls and moats, set up sentries to keep guard and monitor who gets in (or not) with the right password or credentials. Even as the threats and technology landscape has changed dramatically, this is the essence of security practiced today. But just like the first (and second) Siege of Riverrun, castles and perimeter defenses can easily be compromised and taken control of by outsiders.

Breach prevention (as a foundational strategy) is dead. Relying on perimeter security as the principle means of protecting sensitive information is a fool’s errand. Instead, companies should stop pretending they can prevent a perimeter breach. They should accept this reality and build their security strategies accordingly. They need to learn how to best secure the breach and adopt cybersecurity situational awareness. It is impossible to protect everything by building bigger walls and adding more guards to detect attacks. Deploy layered defensive strategies that enable them to protect what matters most, where it matters.

In 2017, companies will spend $90 billion on information security worldwide, up nearly eight percent from last year. Most of this is being spent on prevention, detection and response products and services. Now let’s weigh that against how effective this has been. According to the Breach Level Index, in 2016 there were more than 1.4 billion data records stolen which was up 86% versus 2015. So, one might say companies are not making very good investments with their IT budgets. You know the saying made famous by Albert Einstein that the definition of insanity is doing the same thing over and over again and expecting different results? It applies very well with how data security is done today.

It’s time for a new data security mindset. One that shifts from breach prevention to breach acceptance and is focused on securing the breach. This Secure the Breach manifesto is something we have been saying for five years. Companies need to move their security controls as close as possible to the data and users accessing that data because perimeter security controls do not protect data. By embedding protection on the assets themselves you ensure that even after the perimeter is breached, the information remains secure. By implementing a three step approach – encrypting all sensitive data at rest and in motion, securely managing and storing all of your encryption keys, and controlling access to apps and authentication of users – you can effectively prepare for a breach. That way, you can Secure the Breach and more effectively defend your company in the Game of Threats.

Protect what matters, where it matters – Discover how at Secure the Breach.

This post also appears on the Gemalto Enterprise Security Blog here.