It's widely reported by Variety and other outlets that a third-party to Netflix and major entertainment networks was hacked late last year, and the hacker is threatening to release episodes of unreleased shows, having released some episodes of Orange is The New Black. In response:
Jonathan Dambrot, CEO / Co-Founder of third-party cyber risk specialists Prevalent, Inc, says: "This hack continues to show the need to ensure that sensitive data is properly protected throughout the data supply chain. The boundary for protection must include every partner with access to sensitive data and systems.
"For Netflix, this must include anyone who touches its most valuable programming. Netflix builds awareness and subscription demand based on its fantastic programming, but no business can own every part of its production process. It must depend on strong, secure partners, which must be assessed as part of the contract process and monitored regularly throughout the life of the relationship."
David Vergara, Head of Global Product Marketing, VASCO Data Security:
On the many possible root causes of the breach -
1. Weak and Stolen Credentials, a.k.a. Passwords
Hacking attacks may well be the most common cause of a data breach but it is often a weak or lost password that is the vulnerability that is being exploited by the opportunist hacker. The Simple Solution: Use complex passwords and strong authentication, and never share passwords.
2. Back Doors, Application Vulnerabilities
Why bother breaking the door down when the door is already open? Hackers love to exploit software applications which are poorly written or network systems which are poorly designed or implemented, they leave holes that they can crawl straight through to get directly at your data. The
Simple Solution: Keep all software and hardware solutions fully patched and up to date.
3. Malware
The use of both direct and in-direct Malware is on the rise. Malware is by definition malicious software; software loaded without intention that opens up access for a hacker to exploit a system and potentially other connected systems. The Simple Solution: Be wary of accessing web sites which are not what they seem, and of opening emails where you are suspicious of their origin, both of which are popular methods of spreading malware!
4. Social Engineering
As a hacker, why go to the hassle of creating your own access point to exploit when you can persuade others with a more legitimate claim to the much sought after data to create it for you? The Simple Solution: If it looks too good to be true, then it probably is too good to be true. If you were going to bequeath $10 Million US Dollars to someone you had never met, would you send them an email?
5. Too Many Permissions
Overly complex access permissions are a gift to a hacker. Businesses that don’t keep a tight rein on who has access to what within their organisation are likely to have either given the wrong permissions to the wrong people, or have left out of date permissions around for a smiling hacker to exploit! The Simple Solution: Keep it Simple.
6. Insider Threats
The phrase “Keep your friends close and your enemies closer” could not be any more relevant. The rouge employee, the disgruntled contractor or simply those not bright enough to know better have already been given permission to access your data, what’s stopping them copying, altering or stealing it? The Simple Solution: Know who you are dealing with, act swiftly when there is a hint of a problem and cover everything with process and procedure backed up with training.