\ Taking the Entertainment Industry for a Ride is more than a Game
Feature: Page (1) of 1 - 08/01/17

Taking the Entertainment Industry for a Ride is more than a Game

By Hamid Karimi, VP of Business Development at Beyond Security

The entertainment industry has been taken hostage- literally. America's soft power that has manifested in its entertainment industry prowess, is now under siege by a slew of nefarious actors. One can walk on the streets of underdeveloped or developing countries and find pirated copies of blockbuster movies or the latest music albums.

However, there is a paradigm shift from simply circumventing copyrights laws to direct intentional assault against an industry whose reach and influence far exceeds any hard power.   It is difficult to imagine the real intent behind the infamous Sony hacks and recent HBO breach was anything but for financial gains.  If we speculate that the aim is to cause harm (financially or to the brand), then state actors come to mind. 

If we eliminate the inside actor- any disgruntled or financially motivated employee, then those who breached the defenses of HBO, could have lived anywhere in the world if they had the right exploits at their disposal and a simple Internet connection to reach their intended target. 

It is not hard to fathom that HBO was specifically targeted and the breached put in motion a set of steps to reach their target.  Likely, the attackers scanned the HBO networks and found unpatched vulnerabilities (more than 99% of intrusions rely on easily addressable vulnerabilities) and then used an available exploit or set of exploits to invade the network and conduct their heist.  It is also possible and not currently known if the exploit, e.g., injected bot, was placed in the network many days or weeks ahead like a sleeping agent and an event triggered its action. 

Even without standard security controls, HBO could have protected its assets by deploying strong encryption technologies and maintaining a hardened key management system- designating themselves or a trusted third party as the root of trust or the master key holder.  HBO is certainly guilty of not only failing to deploy standard security controls but also weak access control tools and absence of effective mitigates such as limiting the amount of data available in a single repository thus forcing the intruder to wage multiple attacks to gain access to the trove of material.

Lesson to be learned? Nothing is impenetrable anymore and every organization no matter if it's in entertainment or in healthcare are vulnerable to attacks and security breaches. A very notable quote from HBO hit series comes to mind - "Power resides where men believe it resides. It's a trick, a shadow on the wall. And a very small man can cast a very large shadow." - Lord Varys.

Hamid Karimi has extensive knowledge about cyber security and for the past 15 years, his focus has been exclusively in the security space covering diverse areas of cryptography, strong authentication, vulnerability management, malware threats, as well as cloud and network protection. Hamid holds a Bachelor's of Science degree in electrical and computer engineering from San Francisco State University. He is the VP of Business Development at Beyond Security, a provider for automated security testing solutions including vulnerability management, based out of Cupertino, CA. 

Related Keywords:public speaking,

Source:Digital Media Online. All Rights Reserved

Our Privacy Policy --- @ Copyright, 2015 Digital Media Online, All Rights Reserved