It's become a huge cliché, but nonetheless effective to use Game of Thrones references in marketing, blogging and customer communications. It's easy to see why they are used - when dealing with work related communications and issues, we are likely to be tempted to look at an article relating to the ever evolving and always intriguing universe of Westeros and the Seven Kingdoms, rather than chasing up quotes or updating our CRM. Why wouldn't we communicate with language that piques our targets interest?
The details of the latest high profile cyber-security incident are still emerging. The victim in this case, HBO, are notoriously secretive about their trade secrets and intellectual property. It's possible that their overall security strategy was lacking and basic security protocols were not followed, making a breach inevitable. This seems unlikely given another studio was recently hacked, resulting in the early release of episodes of Orange is the New Black, and surely lessons were learned from their competitors mistakes. It will be interesting to see if the perpetrators utilised a phishingor whaling technique to infiltrate the target network, or relied on outdated and vulnerable applications or operating systems as we saw in the WannaCry and Petya attacks. Given the high profile nature of the latest hack, the cyber-security community will be following the details closely as they emerge.
It's interesting that the latest episode deals with the topic of breaching what should have been an impenetrable defense.
Looking at the latest developments from a 'glass-half-full' perspective, the latest hack is likely to be the least damaging hack from both an economic and human perspective in comparison to WannaCry, which resulted in the successful targeting of hospitals in the UK and businesses worldwide. To add to the reasons to be optimistic, the recent series of high profile attacks have done a huge amount in pushing cyber-security to the forefront of both business and governmental priorities, with 30 times the amount of spending on cyber-security than a decade ago. At the same time, the attack provides a further reminder to those not in the cyber-security business that their operations are perpetually at risk in the modern day, inter-connected world, and there is significant concern that our attitude to cyber-security is far too reactive.
There can be no doubt that the growing inter-connected nature of the world and rise of the so-called 'Internet-of-Things' is providing vast new opportunities for both criminal hackers and state actors to disrupt us, destroy and steal data, and profit off of our complacency and inability to adapt in terms of personal, business and perhaps most worryingly, political spheres. The results could be catastrophic. Cyber-security methodology and technology continuously evolves to neutralise and counter the new threats, resulting in an arms race that only shows signs of speeding up. We need to be prepared, for w.... I can't do it... I'll just leave this here:
If the cyber-attacks of 2017 hadn't given you a reason to really examine your cyber-security arrangements to ensure you are as safe as you can be from hackers, this latest episode probably won't either. But it's clearer now than ever before - the attitude of 'so-far-so-good' is a huge risk to your business. HBO undoubtedly have a substantial budget for network security, yet still fell victim. Despite the difficulty of demonstrating the value of cyber-security, it seems it will continue to require financial and reputational damage of high profile targets to bring this threat the attention it deserves.
Sometimes the reality of a situation is difficult to both fully comprehend and decide on a plan of action that gives us assurances we have done enough. But doing nothing has it's own inherent risks, and these risks are constantly growing for all business owners.
At the very least, we should all:
Understand the basic tactics of hackers such as phishing and whaling, and train staff accordingly
Regularly review our network and potential vulnerabilities, and fix these as a priority on a regular basis. I would hope I don't need to mention up to date anti-virus...
Have a plan for business continuity in case of disaster or a network breach that includes having reliable, tested backups for all critical data
It seems that this breach has just exposed us to Game of Thrones spoilers online. What will the cost of the next attack be to you and your clients?