The Sony pictures hack last November was both shocking and unexpected. Beginning with an ominous warning that the entertainment company had been “hacked by GOP,” large amounts of private and sensitive information was subsequently leaked.
However, while it was obviously a hugely damaging episode for Sony, it could also be a watershed moment for IT security in general.
The scale of the leaked information may mean that companies re-evaluate what can and cannot be said via internal communications.
The Sony hack saw personal emails shared with millions and included confidential information regarding future movie releases and also derogatory comments about high-profile celebs and even US President Barack Obama. Dialogue between Sony Pictures chair Amy Pascal and producer Scott Rudin contained jokes about Obama preferring movies featuring African American characters.
Given that hackers are using more and more sophisticated attempts to infiltrate companies, organisations may have to decide that enforcing stricter codes of conduct for internal communications is the only way to mitigate against future leaks of this nature.
As security breaches are impossible to rule out entirely, businesses may have to decide, where possible, if they can afford to have certain information leaked.
The Sony Pictures hack also showed that the nature of hacking and cybercrime is changing. Hacking is not restricted to the stereotype of the loner IT geek, but is carried out by large, sophisticated networks of individuals, who are sometimes politically motivated.
In the case of the Sony Pictures attack, the cause of the hack was believed to be connected to the planned release of “The Interview,” a film portraying the assassination of North Korean leader Kim Jong-un.
“We will clearly show it to you at the very time and places The Interview be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to,” explained GOP in a message to Sony Pictures.
Other high-profile hacking groups have also demonstrated their political motivation, including Lizard Squad, Anonymous and the Syrian Electronic Army. Often these groups are part of a movement known as hacktivism, where social or political change is the driving force behind the hacks.
The massive reputational damage that hacking can cause businesses means that IT security needs to be valued by an organisation’s highest level executives.
Businesses cannot rely on IT technicians to simply implement firewalls and other security protocols to protect a business. Rather CEOs and other senior management figures should instigate a culture change whereby IT security becomes the concern of all employees.
The growth of personal mobile devices in the workplace has made security more complex than ever before, but there are still a number of steps that C-level employees can implement. Firstly, they must be aware of the legal requirements surrounding privacy and sensitive information and then implement a robust and clear security policy. As well as continuously monitoring applications and services for potential threats, top-level execs must also have a well-known risk management policy in the event of security breaches.
Considering cyber threats are widespread and increasingly sophisticated, neglecting IT security is not merely foolish, but corporately negligent.
IT security is now a core element of many business decisions, but it has become increasingly complicated in the face of mobile, cloud and social technologies. Expert advice and guidance on how to stay secure will be available at this year’s IP Expo, taking place on the 20-21 May at Manchester Central.