In 2017, Netflix became one of the many companies to suffer a security breach. A group of hackers known as “thedarkoverlord” had gained access to the then-unreleased series of hit show “Orange is the New Black” and threatened to release it online unless Netflix paid a substantial ransom fee. Although the breach threatened to damage Netflix’s credibility, the company decided not to pay the ransom and were ultimately vindicated.
Netflix was able to refuse the hackers’ demands for a number of reasons. Firstly, the majority of subscribers would rather simply wait a few weeks until the official release instead of visiting illegal torrent sites in order to download the leaked episodes. And secondly, watching the series on Netflix still provided a vastly superior experience compared with watching the stolen files. Although the damage caused to the company was limited, that doesn’t mean to say that there aren’t lessons to be learnt from the breach. You can find some of the key ones below.
Nobody is safe
Netflix’s security breach emphasised the fact that no company is safe from attack. Despite being worth in excess of $90 billion, hackers were still able to penetrate the company’ defences. What’s more, as a technology firm, Netflix is certainly well aware of the threat landscape. Despite having huge financial resources and expertise at its disposal, Netflix became yet another cyberattack victim.
This should provide businesses with yet another example of the importance of taking cyberattacks seriously. Nobody is too big, or too small, to become a target, so it’s vital that companies stay abreast of the latest developments in the world of cybersecurity. As one vulnerability is corrected, hackers are working on exploiting another, so businesses must always be looking to improve their defences.
Paying out is not always the best policy
Ransomware attacks hit the headlines frequently in 2017, with a whole host of incidents being recorded throughout the year. The attacks are proving increasingly attractive to hackers because of the large financial rewards on offers. However, if companies begin to refuse paying up, then cyberattackers will start to lose interest.
Businesses must carefully weigh up how much their stolen files are worth against the cost of the ransom. In Netflix’s case, the impact of one series being posted early online was relatively limited and so refusing to pay the ransom made sense. For other businesses, this might not necessarily be the case, particularly when reputational damage is taken into account.
Choose your partners wisely
In the case of the Netflix breach, hackers stole the unaired episodes from a third-party post-production company called Larson Studios. This demonstrated the importance of choosing the right partners and ensuring that their security systems are up to scratch.
Although digital partners can end up as the weakest link in your cyberdefences, they can also provide additional protection. Cloud vendors are now offering disaster recovery as a service (DRaaS) and other security services to their clients to help shore up their defences, offering a holistic solution to disruptive events like cyberattacks. Not only does it allow businesses to restore their core systems as quickly as possible, but real-time back-up services also limit the damage caused by any ransomware attacks.