A swarm of zombies, led by Byte Walkers, surges inexorably onward to penetrate a massive perimeter wall by force and stealth. Sounds like Game of Thrones, right? Instead, this is our cyberthreat reality. And in an ironic twist that would make George R. R. Martin blush under his beard, it’s now painfully real for HBO, which recently acknowledged suffering a massive cyber intrusion through which hackers claim to have stolen up to 1.5 terabytes of proprietary data, including future Game of Thrones episodes.

First Sony, then Netflix, and now HBO – what’s a Westerosi to make of this?

People with odd names nevertheless can hurt you.

Littlefinger, the Hound, the Mountain, the Redwoman, the Sand Snakes – silly names, but seriously dangerous folks.  It makes little difference whether hackers self-identify as Guardians of Peace (Sony), The Dark Overlord (Netflix), or Kind Mr. Smith (HBO).  What does matter is what they accessed; how they did it; how to contain, eradicate, restore, and respond; and what can be learned to improve your safeguards going forward.

Size doesn’t matter.

Tyrion Lannister is formidable despite his frame; Qyburn’s Little Birds dispatched Grand Maester Pycelle (or for Ice and Fire purists, Varys’ Little Birds finished off Sir Kevan Lannister in Book 5); and please remind me to stay off of Arya Stark’s to-do list.  Similarly, no matter how small the entry point – a single successful spear-phish, a single unprotected endpoint, a single unsecure service provider – the damage can be done.

And it’s no longer fundamentally about the quantity of data accessed. Instead, as hackers’ monetization strategies shift from third-party (selling your data on the black market) to first-party (selling your data back to you, for ransom), the quality of the accessed data is paramount. Hackers want to threaten maximum pain through potential disclosure of your crown jewels, to better motivate ransom payment.

Unlike Lannisters, hackers don’t always pay their debts.

In a ransomware attack, the hackers need you to believe that paying ransom will yield the unlocking of your data. With an exfiltration/ransom attack, the hackers need you to believe that if you pay the ransom, then they won’t go ahead and sell or disclose the data anyway.  With an Ice Blade at your throat, it may be tempting to trust the hackers.

On this point, Netflix’s experience is instructive.  The original theft of Netflix’s data, including unaired episodes of Orange is the New Black, occurred at Larson Studios, a small post-production service provider to Netflix. According to Larson’s owners, they paid the equivalent of over $50,000 in Bitcoin as ransom, with the understanding that the stolen data would not be later used or disclosed by the hackers.  Within a few weeks, they were contacted by the FBI, because the hackers were apparently using the purloined data once again, this time to blackmail Larson’s clients, the Hollywood studios.

Like winter, hacking is coming.

Preparation is key. It does little good for Winterfell to be stocked with one year’s worth of food when winter may last five to ten times that long. Merely recognizing that we’re in a “when, not if” world of data breaches does little good either. One must prepare. This means:

  • updating your security risk assessment;
  • applying new safeguards and security controls appropriate for your changed circumstances;
  • taking a serious look at your service provider’s security posture;
  • updating your data retention schedule and data management practices to rid yourself of unnecessary data;
  • redoubling efforts on employee awareness, particularly on phishing and credentials;
  • ensuring that your IT incident response plans are actionable, including disaster recovery; and
  • developing a breach response readiness plan for your organization.

Cyber security can be an “either you win, or you die” dilemma.  Best be ready.