Why the 2014 Sony Pictures hack has so many lessons for all of us

The devastating hack that was launched on Sony Pictures Entertainment (SPE) in November 2014 is quite mind-boggling in so many ways. The company's pockets were virtually turned inside-out, with attackers claiming to have stolen over 12 Terabytes of corporate information. It's a sensational story. But we should be using this example as a case study in how not to secure your business and personal information. The amount and scope of the information stolen point to a number of areas of information security on which we should all reflect, whether the reports are completely accurate or not.

streetwise-security-zone/members/streetwise

Lesson #1 - Businesses should create secure zones within their networks to prevent attackers from roaming freely if they do manage to break in. Think of how a submarine has many water-tight compartments: if the hull is breached, the rest of the vessel can be sealed off to prevent water from filling it up. The SPE network appears to have been easily explored by the attackers, but business networks can and should be segmented with security firewalls to prevent this.

Lesson #2 - Employees should think about what they commit to writing in emails and other business documents. In the event that documents get leaked, any inflammatory comments or opinions can cause damage to the reputation of the business, as well as the individuals involved. A number of SPE executives' email folders have been made public, with comments about actors and other business partners that will surely hurt future prospects for building trusting relationships. When you write an email - especially one that involves your emotions and your opinions of others - think to yourself, "What could happen if this email ever became public?"

Lesson #3 - Having an official Records Management program within a business can mitigate the risk of many old - yet still sensitive - pieces of information being impacted by a security breach. This includes personal emails, which are typically categorized as transitory or not relevant to business operations, and should be erased as a routine business practice after a few months. A formalized Records Management program could have automatically purged much of this information, and may have avoided numerous business and personal exposures in the SPE incident, such as passports, driver's licenses and even personal emails with payment account details for jewelry.

There are many other lessons that I'm sure can, and will, emerge over the next year, as we learn more about what happened in the Sony Pictures hack. So, I recommend that you read what you can about the attack - but please try to refrain from trying to view the actual leaked information. It wasn't meant for you to see. Kaspersky, a well-known computer security company, has a good description of what happened, as of December 11, 2014. But I'm sure more details will come out over the next several months.

Posted on: Wed, 31 Dec 2014 11:27:23 +0000
