The Sony Pictures Entertainment cyber attack represents a major shift in the techniques and motivations attackers use. This should give all technology executives pause as they rethink their cybersecurity strategy and their plans to protect wide swaths of information across increasingly complex and interconnected networks.
The Sony attack was a very different animal – it wasn’t about money at all. The attack appears to have been motivated by a desire to do harm and embarrass the company rather than to steal information for financial or strategic gain; in other words, a blow to the company’s brand and reputation. Some believe the perpetrator was the North Korean government, expressing its unhappiness with Sony’s new comedy about that country.
The Sony Pictures breach extracted a huge amount of sensitive data, including the Social Security numbers of more than 47,000 current and former employees and Hollywood celebrities.
What are some of the big take-aways from this massive breach?
- Understand where information is stored. Smart firms will pause to learn from Sony’s experience, which underscores how important it is to know exactly what information is stored in which IT systems, and to provide extra protection where it is needed.
- Too much data available on one network. Companies today often push for integrated environments, making data available to many people on many systems, which raises the potential for single points of failure and widens the damage a single compromised account or host can do.
- Spread out the risk. The malicious software that wiped data from an unknown number of Sony Pictures servers and interrupted communications appeared to spread quickly, which may indicate that the network was not segmented enough. Even critical services like email can be segmented: instead of one mail server with 80,000 accounts, a company might run 10 servers with 8,000 accounts each, so that the loss of one leaves the other nine running.
- Avoid the domino effect. The Sony malware used basic tools already present in the Microsoft operating system, masking its activity as seemingly normal system behavior. It moved laterally through the network very rapidly, with each compromised computer ordering the wipe of the computer next to it. They all fell, one after another.
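The two patterns in the last two bullets, a host fanning out to many neighbours over built-in administrative tooling and traffic crossing lines that segmentation should have blocked, are both detectable from ordinary connection logs. The script below is an added example written for this article; it is not code from the original page and nothing in it is recovered from the Sony incident. The log format, host names, segment map and flow policy are all constructed for illustration.

```python
"""Fan-out and segment-policy checks over admin-share connection logs.

Added example for this article; not code from the original page and not
anything recovered from the Sony incident. The log format, host names,
segment map and flow policy below are constructed for illustration.
"""
from collections import deque
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Set, Tuple


class Event(NamedTuple):
    ts: datetime
    src: str
    dst: str
    share: str


# Constructed sample of administrative-share connections, the kind of traffic
# that "net use \\host\ADMIN$" or a PsExec-style tool produces. ws-017 is the
# misbehaving host; everything else is routine.
SAMPLE_LOG = """\
2014-11-24T08:00:01 src=ws-005 dst=mail-01 share=IPC$
2014-11-24T08:00:09 src=fin-01 dst=dc-01 share=IPC$
2014-11-24T08:01:00 src=ws-017 dst=ws-018 share=ADMIN$
2014-11-24T08:01:12 src=ws-017 dst=ws-019 share=ADMIN$
2014-11-24T08:01:30 src=ws-017 dst=ws-020 share=ADMIN$
2014-11-24T08:01:31 src=ws-017 dst=ws-020 share=C$
2014-11-24T08:01:45 src=ws-017 dst=ws-021 share=ADMIN$
2014-11-24T08:02:03 src=ws-017 dst=fin-03 share=ADMIN$
2014-11-24T08:02:10 src=ws-017 dst=ws-022 share=ADMIN$
2014-11-24T09:30:00 src=ws-030 dst=ws-031 share=ADMIN$
"""

# Hypothetical segmentation policy: host-name prefix -> segment, plus the only
# (source segment, destination segment) flows that are permitted. Workstation
# to workstation is deliberately absent: that is the path a wiper takes from
# one desk to the next, and no normal user workflow needs it.
SEGMENT_OF_PREFIX = {"ws": "workstations", "mail": "mail", "fin": "finance", "dc": "identity"}
ALLOWED_FLOWS: Set[Tuple[str, str]] = {
    ("workstations", "mail"),
    ("workstations", "identity"),
    ("finance", "finance"),
    ("finance", "identity"),
    ("mail", "identity"),
}


def segment_of(host: str) -> str:
    return SEGMENT_OF_PREFIX.get(host.split("-", 1)[0], "unknown")


def parse_log(text: str) -> List[Event]:
    """Parse 'TIMESTAMP key=value ...' lines into Events, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_str, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append(Event(datetime.fromisoformat(ts_str), kv["src"], kv["dst"], kv["share"]))
    return sorted(events, key=lambda e: e.ts)


def detect_fanout(events: List[Event], window: timedelta = timedelta(minutes=5),
                  threshold: int = 5) -> List[dict]:
    """Alert once per source that reaches `threshold` distinct destinations
    inside any sliding `window`. Repeat hits on the same host count once."""
    recent: Dict[str, deque] = {}
    alerted: Set[str] = set()
    alerts = []
    for ev in events:
        q = recent.setdefault(ev.src, deque())
        q.append(ev)
        while q and ev.ts - q[0].ts > window:   # drop events outside the window
            q.popleft()
        distinct = {e.dst for e in q}
        if len(distinct) >= threshold and ev.src not in alerted:
            alerted.add(ev.src)
            alerts.append({"src": ev.src, "at": ev.ts.isoformat(),
                           "distinct_dst": len(distinct), "targets": sorted(distinct)})
    return alerts


def policy_violations(events: List[Event]) -> List[dict]:
    """Every connection whose (source segment, destination segment) pair is not
    an explicitly allowed flow. Unlisted same-segment traffic is a violation too."""
    out = []
    for ev in events:
        flow = (segment_of(ev.src), segment_of(ev.dst))
        if flow not in ALLOWED_FLOWS:
            out.append({"at": ev.ts.isoformat(), "src": ev.src, "dst": ev.dst,
                        "flow": flow, "share": ev.share})
    return out


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for a in detect_fanout(evs):
        print("FAN-OUT", a)
    for v in policy_violations(evs):
        print("DENIED ", v)
```

On the constructed log the fan-out check fires once, for ws-017, at the sixth connection (fifth distinct target) rather than after the whole network has fallen; the policy check flags the same host's workstation-to-workstation and workstation-to-finance hops, and also the lone ws-030 to ws-031 connection later in the day, which is exactly the traffic a host firewall or VLAN ACL should already be dropping. The window and threshold are tuning knobs: set them from a baseline of how many admin shares a legitimate administrator or deployment tool touches per interval in your own environment.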
What needs to be in place to combat this type of attack?
- Training and education programs.
- Clearly articulated response plans.
- Increased threat intelligence capabilities.
- Buy-in from the executives and board of directors.
Time is a-wasting! Get on it!