Hot on the heels of the massive ransomware attack on 12 May 2017, reports are emerging of ransomware attack on Disney. Unlike the Wannacry attack, which has impacted over 200,000 computers in 150 countries, the Disney attack has been deliberately targeted, with hackers threatening to release segments of the new Pirates of the Caribbean film unless a bitcoin ransom has been paid.
This is not the first time that the media industry has been targeted in such a way. Perhaps the most famous case was that of Sony in 2014 which wiped out half of Sony’s global network, erasing everything stored on 3,262 of the company’s 6,797 personal computers and 837 of its 1,555 servers. As well as obtaining staff details and confidential emails, the hackers leaked a number of films that had yet to be released.
More recently, Netflix ‘Orange is the New Black’ episodes were stolen and released by hackers when their demands for ransom were not paid. This case is particularly interesting as the hack was part of a much larger attack, and took place at the post-production studio, Larson Studios; the hackers tried initially to claim their ransom from Larson January 2017. This latter case really highlights the importance of understanding your supply chain and ensuring that the information security policies and procedures that are in place are fit for your requirements; in this instant, the hacker involved (TheDarkOverlord) was reported stating that ‘they love going after third party vendors’.
Each of these examples demonstrates the need to have a clear understanding of the risks that will surround your information security system, and to ensure an ongoing assessment and mitigation of those risks. It is also critical to have a good understanding of the risks within your supply chain. It is highly unlikely that all risks will be mitigated, for reasons of cost and practicality, but any vulnerabilities must be understood, and appropriate incident management plans put in place to ensure a speedy and coordinated approach.
Contact Cambridge Risk Solutions to find how we can help you with information security and incident management planning, Call us on 0800 035 1231.