Netflix Hack: Key Lessons In The Economics Of Ransomware And Managing Third-Party Risk

Renee Murphy

Netflix recently experienced a third-party breach. The data lost is Season 5 of Orange is the New Black, which is original Netflix content. Many are calling it the largest entertainment industry hack since Sony. I guess that is right, but how bad is it really?

First, here is what happened. Netflix transferred season five to their post-production third party in Los Angeles, Larson Studios, for sound mixing and editing. Larson does the post work for at least 25 episodics that run on Fox, ABC, IFC and Netflix. It was Larson Studios that was hacked and, according to thedarkoverlord (TDO), they made off with not just Netflix content but network content as well, putting at risk the release of Documentary Now, Portlandia, Fargo and many others.  TDO contacted Netflix and asked for a bitcoin ransom or it would dump their content for download. Netflix refused to be extorted and TDO made good on its threat.

That got me thinking…was Netflix right to not pay the ransom? What was the real impact of that decision? Can networks and studios do the same thing? Are they inoculated from third party damage because of their industry or their product? Let’s find out.

1.     Was Netflix right to not pay the ransom? Yes. If I have learned anything from the state department it’s that we don't negotiate with terrorists. For Netflix, there is no reason to overreact or go to great lengths to explain the impacts. If you do an impact analysis, you see that it has a medium reputational risk, a low financial risk and no regulatory risk. With that kind of risk analysis, you don’t pay a ransom.

Read more

Forrester’s Security & Risk Research Spotlight - Governance, Risk And Compliance

Stephanie Balaouras

Crises don’t discriminate. Whether they are economic, geopolitical, technological or environmental, you can expect to have to deal with a major one soon. And how well you minimize the impact of that crisis is the difference between achieving your business objectives, and completely missing them, disappointing your customers, employees, partners, and shareholders in the process. Lucky for you (if you believe in luck and not the probability of chance events), Forrester’s risk experts have updated The Governance, Risk, And Compliance Playbook For 2016. I also recently finished a series of reports on the state of business continuity (which I have creatively named part 1, part 2, and part 3) to give you a jump start on your GRC efforts. Below, I’ve highlighted some of our most recent and exciting GRC research:

Read more

How To Go From Dinosaur To Eagle - Or Risk Being The CISO That Got Hit By The Comet

Peter Cerrato

Peter Cerrato is a principal consultant for Forrester's Business Technology consulting practice.  

A very strange and sudden thing happened 66 million years ago. A comet crashing into the Mexican Yucatan peninsula near Chicxulub put an end to the long reign of the dinosaurs. But not so fast. We now know that some of those dinosaurs survived the massive Cretaceous-Tertiary extinction event: the smaller, faster, feathered and headed-toward-warm-blooded early ancestors of our eagles and hawks.

(source: http://www.newscientist.com/special/living-dinosaur-bird)

Read more

Brand Resilience: Risk Pros' Key Role In Protecting Company Reputation

Nick Hayes

Risk professionals aren’t prepared for the age of the customer. Empowered consumers and changing market dynamics are upending longstanding business models and lines of operation, but risk professionals largely stand pat, and continue to neglect risks related to their organizations’ most critical asset – company reputation. Yesterday we published a report on "Brand Resilience" that will hopefully help you change that legacy risk mentality.

 

Corporate Reputation Is Increasingly Valuable…  

Companies today rely on their reputation to generate greater portions of their revenue, attract new customers, and retain existing ones. This is why we see:

Read more