The recent cyber-attack on Sony Pictures is a unique phenomenon of our time. Not only has it gone some way to tarnishing the careers of some A-list actors, it has subsequently led to the studio pulling its latest blockbuster “The Interview” for fear of further backlash from the cyber criminals.
The reason I say this case is unique is because it defied the very nature of hacking as we know it. Rather than breach the system, steal the most valuable data, cover their tracks and run – these cyber criminals, allegedly working on behalf of North Korea in protest against the politically sensitive content in Sony Pictures’ latest hit, used their successful hack to publicly humiliate the entertainment giant.
They have done so by leaking personal emails sent between household names and high profile employees containing an array of damaging content. For what Sony Pictures may have presumed is a fairly minor part of its IT network, the breach of its email system and ensuing leak has had measurable financial implications – forcing the studio to pull its biggest film of this quarter.
Email is just one of the methods of communication we use every day – it’s arguably the most fundamental channel we use to talk to colleagues, customers, suppliers and personal contacts. Although it’s difficult to imagine why cyber criminals would want to see your emails, this case hammers home the importance of protecting company networks at every level to avoid both theft of critical data and, just as crucially, corporate humiliation.
All too often network security is little more than an afterthought for businesses. It’s easy to understand how investing in security doesn’t have the same appeal as migrating services to the cloud, a leading-edge communications suite or high-speed broadband – all of which have very tangible benefits to the business. On the other hand, they also come with their own specific inherent security risks, so security should be at the forefront of decision makers’ minds’ when choosing any IT service.
In fact, given how much publicity this event has received, coupled with the hack on Target last year at this time, companies must realize that more work and more spend must be made on security to protect a companies’ digital assets. Given what potentially can be lost, these business cases for improved security will be easier to justify and get implemented.
Do you agree with John’s viewpoint? Leave your comments below and follow him on Twitter @john_hayduk