Last year in November, hackers
infiltrated the computer network of Sony Pictures Entertainment. The attackers
stole a huge number of confidential documents, which are now being downloaded
(primarily by journalists) from file-sharing networks. Since then, journalists
have been poring through the files looking for interesting revelations.
The hackers are widely believed to
be backed by the North Korean government, which is furious at Sony for
producing The
Interview, a movie that depicts the assassination of North Korean
leader Kim Jong Un.
The attackers took terabytes of
private data, deleted the original copies from Sony computers, and left
messages threatening to release the information if Sony didn't comply with the
attackers' demands. Someone claiming to be a former Sony employee posted this
screenshot, which (allegedly) shows the message that appeared on Sony
employees' computer screens:
We don't know for sure, but it's
looking increasingly likely that that North Korea was behind the attacks. On
Wednesday, multiple media organizations reported the US
government has concluded that the regime was responsible. And there is some
other circumstantial evidence linking the attacks to the North Koreans.
Forensic analysis has found that the methods used against Sony are similar to
those used in a 2013 attack on South Korean companies
last year.
A message claiming to be from the
hackers demanded that Sony "stop immediately showing the movie of
terrorism which can break the regional peace and cause the War." The
hackers threatened to launch 9/11-style attacks against American movie theaters
that showed the film. Ultimately, then, the question is less about whether to
report on the documents than how much to report. Some information — like, say
the Social Security numbers of Sony employees — is clearly out of bounds.
Millions of PlayStation gamers were
affected by the 2011 attack on Sony. (Philip Sowels/Future Publishing via Getty
Images). In 2011, Sony's PlayStation network was attacked by hackers who stole personal
information about millions of PlayStation gamers and took the network down for
weeks. Critics have argued that Sony has taken a lax approach to online
security. They pointed out, for example, that the company lay off two security workers just weeks
before the 2011 attacks. Hardening a corporate network as large as Sony's is
really difficult, and even a company that takes every precaution may still be
vulnerable to a sufficiently determined and talented attacker.
First and foremost, lots of
companies should be investing more in network security. Companies like Sony
tend to under-invest in locking down their networks because it seems like a
needless expense until disaster strikes. Cleaning up the mess from this latest
attack will cost Sony millions; hopefully that will inspire other large
companies to hire additional security experts.
Second, companies should make sure
they're well-prepared to respond to attacks. For example, making regular
backups can allow a company to recover in the event that hackers delete important
data.
Finally, corporate executives should
bear in mind that their decisions might be unexpectedly exposed to the light of
day. If you're a senior executive at a big company, it's a good idea to avoid
sending overly embarrassing emails or having embarrassingly lopsided pay
scales. Hackers not only deleted the primary production data but also went on
to delete the backup taken and also the Disaster recovery site that Sony had
created in case any mishap happened to production data. Sony faces loss of millions
of dollars due to the loss of data and business downtime.
Losses that Sony faces now are many
but below are few highlights:
1. Lost almost all production, backup and disaster recovery
data
2. Lost millions of dollars in data loss and downtime.
3. Hackers released 4 unreleased Sony movies online.
4. Confidential documents were released which had information
about employees.
5. Rebuilding all the data shall take months.
6. Sony says all its promotional sites are gone.
No comments:
Post a Comment