Written by Philip Magson
Chaos gripped Sony pictures in November 2014, when a cyber-attack penetrated the studio’s internal network, resulting in the leak of several upcoming motion pictures and a large number of sensitive emails. While nobody yet knows who was behind the attack, what we do know is that even the biggest companies cannot afford to overlook cyber-security…
The identity of the Sony hackers has been the subject of intense media speculation – the wildest theories being that it was a team of elite North Koreans, angered by the impending release of Seth Rogen’s new movie, The Interview, which promises to show the country’s leader, Kim Jong Un, in a less than flattering light. Whatever their motive, the hackers took unreleased films, internal emails and personal details of thousands of Sony employees – and released everything online.
I talk to clients about data-protection and security on a daily basis but, without wanting to downplay other incidents I’ve dealt with, the Sony incident is a perfect example of just how painful and costly a cyber-attack can be in a business context – and how its effects can snowball. The leak of the unreleased films will hurt Sony’s ticket-sales significantly while the internal emails – that made their way into the public eye – contained contract details, memos and other highly sensitive information – hugely embarrassing for a company which needs to maintain professional business relationships.
But let’s not forget the on-going effects of the attack which crippled Sony’s network, grinding productivity to a halt and forcing staff to shut down their PCs and resort to pen and paper to get work done. Talking of Sony’s employees, it’s difficult to know what impact the attack had on them: personal and professional information could easily have been lost, leaving employees vulnerable to future threats… there’s even speculation those employees could sue the company for failing to protect them. Let’s not forget the costs Sony will incur in their effort to investigate the attack and find out exactly what happened. All in, some experts are predicting the cost of the hack to Sony could top an eye-watering $100 million.
While I can’t imagine the nefarious hackers of the DPRK are actively targeting any of my clients, these are exactly the kind of security threats we want to prepare businesses for. Fortunately, there are plenty of straightforward ways to do that: from basics, like enforcing strong password protocols and being vigilant against malware (Sony’s attack is thought to have originated from malware), to encrypting networks and backing up data online. Today, businesses have a huge advantage when it comes to protecting and recovering lost data in the aftermath of an attack – by working with, and storing it, on the cloud. Yet, while cloud platforms make protecting your company’s data easier, they don’t offer immunity – and require their security measures which are just as important as those you use with on-site networks.
Sony will recover from their brush with cyber-crime (thanks to their billions of dollars of resources), but if there’s a lesson to be drawn from the incident by the wider business community, it’s that security compromises aren’t just about lost data – there are plenty of on-going consequences, which can be just as painful. If you think you’ve taken steps to protect your business’ virtual assets, make sure you’re thinking about the big picture: will you be able to respond quickly to resolve the threat? Will you be able to recover data that is lost or corrupted? And, perhaps most importantly, will you be able to protect your employees and your business in the future?