Game of Hacks

On Monday, HBO confirmed hackers breached the company’s servers and stole an unconfirmed amount of the company’s data including scripts, unreleased television episodes and much more. The incident is already being compared to the 2014 Sony hack, when approximately 26 gigabytes of data, including inflammatory emails and employee data, were released online. Though some of the network’s content has been leaked in the past – two years ago, stolen DVDs containing the four first episodes of Game of Thrones season five were leaked online – this is the first time HBO has experienced a cyber-attack of this scope. “HBO recently experienced a cyber-incident, which resulted in the compromise of proprietary information,” the company said in a statement. “We immediately began investigating the incident and are working with law enforcement and outside cyber security firms. Data protection is a top priority at HBO, and we take our responsibility seriously to protect the data we hold.” While the total size of the data stolen has not yet been confirmed, the hackers claim they’ve accessed up to 1.5 terabytes of data. Experts believe the stolen information could include sensitive financial information and even employee records. Already leaks of some HBO content are appearing online, including upcoming episodes of Ballers and Room 104, as well as the alleged script for the fourth episode of Game of Thrones. In an email sent to reporters on Sunday night, the hacker group confirmed they planned to leak more of the information in the coming days, writing: “Hi to all mankind. The greatest leak of cyber space era is happening. What’s its name? Oh I forget to tell. It’s HBO and Game of Thrones……!!!!!! You are lucky to be the first pioneers to witness and download the leak. Enjoy it & spread...

Cybersecurity

Your organization manages sensitive information every day. You rely on cybersecurity specialists to protect your data from misuse. The demand for security specialists is skyrocketing, yet a shortage in candidates leaves the industry—and your organization—vulnerable. Symantec reports that the global demand for the cybersecurity workforce is expected to rise to 6 million by 2019, with a projected shortfall of 1.5 million. The profession is slated to grow by 36.5 percent through 2022. While that is a notable improvement, it is still woefully short. Reports by the Bureau of Labor Statistics suggest that the demand for information security specialists is expected to grow by 53 percent as soon as 2018. Currently, 209, 000 cybersecurity jobs in the U.S. remain unfulfilled. The result is a lack of 24×7 monitoring by nearly 75 percent of security enterprises. There simply aren’t enough specialists to supervise your data around the clock. The shortage of talent causes many security teams to fall short of their goals. A report by 451 Research compiled responses from more than 1,000 IT professionals. The outcomes revealed that 34.5 percent of security managers couldn’t implement desired security projects due to a lack of staff expertise. More than 26 percent fall short of objectives due to inadequate staffing. To fill the void, many organizations opt to cross-train existing IT staff. Chris Cochran, Threat Intelligence Leader at IronNet Cybersecurity expounds: “The great thing about cross-training is that IT technicians already have a background in a cyber craft. This shortens the time it would take to make someone operational in a given task or field. The downside is that, more often than not, you find cyber experts stretched for time and expertise. They are being spread too thin across the landscape. We need resident experts. We need people...

Beware Ransomware

Last month, the Los Angeles Department of Health Services became the latest victim in a string of ransomware demands hitting the healthcare industry. Though not as severe as the ransomware attack on Hollywood Presbyterian Medical Center earlier this year demanding $17,000 in bitcoin, Department officials were quick to act on the threat. The Los Angeles Department of Health Services was able to contain the damage to five work computers thanks to preemptive security measures. Because employees have limited access to the department’s database, the ransomware attack was unable to spread. When asked about the nature of the attack, Director of USC’s Center for Computer Systems Security Clifford Neuman explained, “Since this one affected only a few employees’ systems and does not appear to have spread further, it was likely one of these non-targeted pieces of malware.” Exploiting Vulnerabilities Non-targeted malware describes how attackers access a victim’s device. Whether the ransomware sneaks in through an email, an attachment or even a camouflaged link, once triggered, the result is a total lockdown of the infected device through encryption of the contents. Paying the ransom releases the data and returns control of the device to the victim. Ransom prices can vary from small sums to thousands of dollars. Until recently, Apple devices and systems had not been widely affected, but news of ransomware malware lurking inside a recent update for Transmission highlighted vulnerabilities inherent in all online activities. While in the past ransomware primarily struck individuals, in recent months attacks have kicked up a notch. The latest victims are large, data-rich institutions like hospitals and government services. “Since the New Year, the healthcare industry has experienced an uptick in ransomware incidents,” county spokesman David Sommers told the LA times, reiterating that the county has “be successful in...