Despite all its recent success, HBO didn’t have a great summer.
On July 31, the company fell victim to hackers, with the perpetrators leaking unreleased episodes of “Curb Your Enthusiasm,” among other shows. With tensions rising and the Bitcoin ransom storyline playing out like a summer blockbuster, the stakes are high for HBO. Hackers appear to have stolen 1.5 terabytes of HBO data, and there’s speculation that those responsible are holding unreleased “Game of Thrones” content hostage for their biggest payday.
Two weeks before, on the night of the “Game of Thrones” season 7 premiere—the biggest night for HBO—HBO NOW collapsed under the weight of the show’s popularity just as it became the most downloaded app, and as revenue for the streaming-on-demand service tripled. With the resulting outage, viewers missed the first hour of the episode.
Enraged HBO customers took to Twitter. They demanded money back. They made disparaging memes. They cried, “How can HBO not be ready for this?”
The worst part? This wasn’t the first time it happened. The service crashed on the premiere of season 6, too, which customers were quick to point out. The timing for HBO’s latest outage was unfortunate, to say the least.
While the “Game of Thrones” outage was quickly overshadowed by the hack, both show common vulnerabilities that can haunt a brand’s reputation for years. And these incidents could have happened to anyone. How can HBO—and your business—prevent these kinds of outages and cyberattacks moving forward? Let’s take a closer look at the causes and the solutions.
Scaling servers can help you survive the pointy end of traffic spikes.
Unstable demand spikes toppled HBO’s infrastructure on the day when it should have been—and likely thought it was—prepared for anything.
In HBO’s case, password sharing and a subscribe-as-you-like model may have both masked actual demand. HBO accepts password sharing, which can attract new customers. Its subscription model is a godsend to customers who (finally) are able to pay only for the TV they watch. But when unexpected or fair weather users are logging in or signing up on premiere night, it’s tough to know how much traffic is coming.
While most organizations don’t have to brace themselves for most-popular-TV-show-level demand, auto-scaling elastic computing can help you navigate the ups and downs of holiday shopping, viral campaigns, and other traffic-heavy periods by expanding and shrinking on demand.
Chaos is a single point of failure (SPOF).
A single point of failure is a dead-end. It’s a part of your system, like a server, that does not have a backup in place. During a disaster, any data and systems relying on that server will fail, too. If mission-critical operations are relying on this SPOF, you’ll have an outage on your hands. Identifying SPOFs can prevent outages, and if you’re not testing, you may not know it exists until it’s too late.
When testing and upgrading, make sure any essential part of your infrastructure is redundant to ensure availability.
Don’t train for battle with fake swords.
There’s no better testing scenario for your infrastructure than previous outages. HBO had the perfect model to prepare for the season 7 “Game of Thrones” premiere: the crash during the season 6 premiere. The difficulty it had in predicting demand should have informed the company’s testing, which should have happened more often. Test twice a year at minimum, or quarterly if possible. Don’t go easy on yourself. Tests should show what would happen in a real disaster scenario.
Lions should concern themselves with the threat of hackers.
Even an established company like HBO, carrying the most popular TV series, can occasionally miss the mark in its approach to security. It’s possible the company didn’t have an adequate security program in place, or it may not have been monitored 24/7 with expert analysts. Egress filtering could have prevented the data from leaving the network in the first place, and data loss prevention (DLP) solutions could have alerted HBO that data was compromised.
As far as insider threats go, organizations tend to grant employees too much access to sensitive information, even when it’s not necessary to their work functions. Why? It could be by mistake. Or, in larger organizations, if an employee occasionally needs access, it may just be easier to grant it than continually contacting overworked IT personnel to adjust permissions. But a moment of complacency can lead to a lot of damage.
Above all, keep your crown jewels safe.
When you have a high-value product and a lot at stake, your data may be next in line to be held hostage for large sums of bitcoin. For HBO, “Game of Thrones” was the obvious target. Hospitals, government agencies and other organizations with guarded information are ideal targets, too.
Highly organized groups of professionals are making a career of cyberattacks, but threats can come from anywhere. A small weakness in your operation, like a neglected system update, could leave your data wide open to theft or manipulation.
What the HBO hack and “Game of Thrones” outage mean for you
Even if you don’t broadcast the most popular show in the world, you’re likely vulnerable to the same peak-demand outages and data thefts of which HBO became public victims. They’re the kind of easily preventable disasters that leave customers fuming and brands smarting. In other words, let’s hope the “Game of Thrones” season 8 premiere goes more smoothly.