The Sony hacking incident and its lessons


Last month, hackers infiltrated the computer network of Sony Pictures Entertainment, a major Hollywood movie studio, and stole a huge number of confidential documents. This has generated a lot of interest: journalists are after the revelations, security experts want to understand the root cause of the incident, and business leaders across all verticals are worried about how to protect their businesses from such disasters.

What happened to Sony?

When Sony Pictures employees got into the office on Monday, November 24, 2014, they discovered that their corporate network had been hacked. The attackers took terabytes of private data, deleted the original copies from Sony computers, and left messages threatening to release the information if Sony didn't comply with the attackers' demands. Someone claiming to be a former Sony employee posted this screenshot, which (allegedly) shows the message that appeared on Sony employees' computer screens:

Sony's network was down for days as administrators struggled to repair the damage. Staff were reportedly forced to work on whiteboards to do their jobs.

But the greater damage was from all the confidential information that got leaked to the public. The hackers posted five Sony movies (four unreleased) to file-sharing networks. They also leaked thousands of confidential documents — everything from private correspondence among Sony executives to salary and performance data about Sony employees. Those documents were password protected, and whoever is behind the hack provided the password to journalists so that the data would reach the general public.

Some people have blamed North Korea for the attacks. Were they responsible?

Nobody has been able to confirm it with confidence, but it looks likely that North Korea was behind the attacks. The US government is suggesting that North Korea is behind this attack, and there is some circumstantial evidence linking the attacks to the North Koreans.

Forensic analysis has found that the methods used against Sony are similar to those used in a 2013 attack on South Korean companies.

North Korea is reportedly furious at Sony because the studio was about to release The Interview, a comedy in which Seth Rogen and James Franco play characters who attempt to assassinate North Korean leader Kim Jong Un.

A message claiming to be from the hackers demanded that Sony "stop immediately showing the movie of terrorism which can break the regional peace and cause the War." The hackers threatened to launch 9/11-style attacks against American movie theaters that showed the film.

And this cyber-terrorism threat got Sony to drop the film?

Yes, it did. Theaters became nervous about the possibility that the attackers — whoever they were — would follow through on the threats. Or, perhaps, that fears of terrorism would keep moviegoers away from the theaters. Either way, some theaters asked Sony for permission to drop the film from their lineups.

Does Sony have a security problem?

Notably, this is not the first time Sony has been targeted by hackers, and it might not even be the most damaging incident.

In 2011, Sony's PlayStation network was attacked by hackers who stole personal information about millions of PlayStation gamers and took the network down for weeks. This attack was motivated by anger about Sony's lawsuit against an American hacker who attempted to reverse-engineer the PlayStation 3 to allow users to play third-party games not authorized by Sony.

Critics have argued that Sony has taken a lax approach to online security. They pointed out, for example, that the company laid off two security workers just weeks before the 2011 attacks.

And security expert Chester Wisniewski opined that the hackers' efforts in 2011 were made easier by Sony's flat-footed response. They'd exploit a vulnerability in one Sony office, then use the same attack days later in another part of the world. "The crooks were able to attack the same thing because Sony Pictures wasn't going out and fixing it," Wisniewski said.

Last month's attack makes it clear that Sony still hasn't fully locked down its network. Yet it's hard to know whether this means that Sony has particularly lax security practices — or if it just happens to be the favorite target of hackers. Hardening a corporate network as large as Sony's is really difficult, and even a company that takes every precaution may still be vulnerable to a sufficiently determined and talented attacker.

Joseph Demarest, an official with the FBI's Cyber Division, suggested that "the level of sophistication" of last month's attack was "extremely high." He believes that "the malware that was used would have slipped or probably gotten past 90% of Net defenses that are out there today."

What lessons do we learn from the Sony attack?

1. Cyber threats can lead to disastrous consequences. We cannot afford to be lax on information security. It is difficult to estimate the losses that come from not protecting our networks appropriately.

2. Companies and employees should give a lot more focus to information security. Companies like Sony tend to under-invest in locking down their networks because it seems like a needless expense until disaster strikes. Cleaning up the mess from this latest attack will cost Sony millions.

3. Companies should make sure they're well-prepared to respond to attacks. For example, making regular backups can allow a company to recover in the event that hackers delete important data. Learning from the events and fixing the holes is critical.

4. Corporate executives should bear in mind that their decisions might be unexpectedly exposed to the light of day. It is a good idea to avoid sending embarrassing emails and storing critical data unprotected.

5. It is not sufficient to password protect sensitive data. Password protection can be defeated easily, as happened in this case. It is essential to encrypt sensitive data at rest (disk storage) and during transmission (email and FTP). Hackers who steal properly encrypted data cannot read it without the keys.


Please contact futurecalls by sending an email to info@futurecalls.com to learn more about full disk encryption and how to protect your network.