What organizations should learn from the Sony Hack?

One of the most shocking occurrences in the cyber world, as we bid goodbye to 2014, has been the hacking of Sony Pictures. On November 24, 2014, high-profile information about Sony Pictures employees, email exchanges, key personnel salary information, copies of unreleased films, and other information was obtained and released on the Internet by a hacker group using the calling card ‘Guardians of Peace’. While there is speculation that the cyber-attack was sponsored by the North Korean government, the true identities and motives of the hackers are still unclear. It is believed that the hack was planned to disrupt the release of the film The Interview, which depicts an assassination attempt on North Korean leader Kim Jong-un.

The Sony Hack

Sony received quite a blow with the exposure of such sensitive information. To add to the humiliation, the company also had to bear the brunt of not having made its security strong enough to avert such attacks, despite the Sony PlayStation Network having been hacked earlier, in 2011. For a company of Sony’s stature, it has a very lean security team and has not been following basic data storage strategies such as data compartmentalization.

In Sony’s defense, Joseph Demarest, an FBI Cyber Division official, stated that the malware used was so sophisticated that it would have gotten past 90% of today’s security solutions. Still, there are lessons to be learned from this hack.

#1: Companies should invest more in network security

They should lock down their networks instead of waiting for disaster to strike. They don’t say ‘prevention is better than cure’ for nothing!

#2: Companies should have a disaster recovery plan in place

Though this sounds like common sense, it was shocking to learn that Sony employees had to use whiteboards while the security teams were figuring out what needed to be done next. Companies should make it a mandatory practice to take regular backups (automated or physical) – doing so puts them in a good position to get back up in the event that hackers delete important data.

#3: Maintain professional communication etiquette

Corporate executives need to remember the Sony Hack as an example that their decisions might be unexpectedly exposed someday. Observing professional email etiquette will ensure that one doesn’t lose face in the event of a major hack.
