Jul 31, 2017 HBO Hack Spotlights Need for Effective Incident Response Policy
HBO has confirmed that the company’s internal sites have been broken into, and that proprietary information (including reportedly scripts of upcoming episodes of the hit series “Game of Thrones”) have been seized. According to an article in Variety, “HBO recently experienced a cyber incident, which resulted in the compromise of proprietary information,” the network said. “We immediately began investigating the incident and are working with law enforcement and outside cybersecurity firms.” According to the report, compromised data totaled about 1.5 tbytes.
What’s the message here? First is that even responsible and well-run operations can–and likely, will–get hacked. Any CEO, CIO, or CISO who believes that his or her operation is perfectly secure is deluding themselves.
Second, and more importantly, the hack highlights the need for an effective incident response policy (IRP). An effective IRP is one that:
- Covers the range of compromises that can occur (release of proprietary authorization, embedding of malware, DOS, etc.)
- Includes crisp engagement with appropriate authorities and outside support
- Includes proactive communication with tailored to stakeholders (including the media, customers, investors, and employees)
- Addresses the technical and policy failures that lead to the initial breach
This sounds pretty straightforward, but it’s surprising how often even large companies have inadequate incident response policies. During the Heartbleed breach, for instance, one major credit-card company failed to update its contact center agents. Customers that read about the breach on the front page of the Wall St. Journal and New York Times called in to see if their personal information had been compromised were connected to contact center agents who had no knowledge the breach had even occurred.
How to develop an effective incident response policy? Nemertes professionals have been in the business of cybersecurity for over 30 years; we work with our clients as part of our Cybersecurity Support Program to develop incident response policies that align with appropriate frameworks (such as NIST) and to provide regular review and refreshes of these policies. Drop us a line at firstname.lastname@example.org and we’ll be happy to help. We also assist with many other aspects of cybersecurity.