Winter is here for television networks and entertainment streaming services experiencing headaches over hacked programs. This summer, HBO was victimized by hacks resulting in the premature release of movies and television programs, such as Game of Thrones, Curb Your Enthusiasm, and Ballers. The hackers claimed to have stolen 1.5 TB of data from HBO, which includes unaired episodes, plotlines, actors’ personal information, and internal emails between producers and executives. The hackers have demanded millions in bitcoin, but HBO refuses to “bend the knee.”
Many companies across the nation and around the world experience headaches with data breaches. In the United States, a breach is a legal term of art that may mean something different depending upon the residing state of individuals whose data has been implicated, or the nature of the information at issue. For example, protected health information is governed by covered entities under the Health Insurance Portability and Accountability Act (HIPAA). Breach responsibility depends upon (1) location and (2) type of data involved and can lead to lawsuits and investigations as to why an individual’s personal information was not thoroughly protected.
The HBO hacks are also a great example of the importance of data governance. Although some legal action may be available both criminally and civilly if the hackers are identified, courtroom battles are anything but assured. Prevention is often the best strategy. All persons involved at each stage of production (drafting, shooting, editing, re-shooting, post-production, and distribution) should remain vigilant against their data falling into the wrong hands. Entertainment entities can curb the risk by implementing policies that spell out data classification and data mapping.
Cybersecurity professionals recommend that companies classify their data in accordance with importance and value so that the company knows where to invest its security resources. For example, a 20-second promotional commercial for the season premiere of Game of Thrones may not cause as much damage if leaked as the fully produced season finale episode. By understanding the data’s importance, the company can take appropriate safeguards. Likewise, you cannot protect data if you do not know where it is located. By mapping data, companies can understand where valuable information is located and employ appropriate safeguards.
Finally, companies and entertainment entities should invest in promoting strong technical, administrative, and physical safeguards. Coverage of entertainment hacks often focuses on the technical safeguards in place (was the data encrypted? what firewalls were in place?), but like a three-legged stool, strong data governance will only support the company if all three types of safeguards exist. Companies should make sure that all administrative staff are on the same page about how classified data is to be handled. Traditional locks and physical security can protect against corporate espionage.
The HBO hacks should serve as a reminder to all entertainment entities (and really any company) of the PR, proprietary, and business consequences that can result from a hack. Companies should not just sit back and expect that “the wall will hold.”