Sony Pictures Hack Perfect Example of the Reach a Single Cyber Attack Can Have
The hack on Sony Pictures Entertainment has caused a firestorm on many fronts for many people, from embarrassing communications coming to light, to exposing other sensitive information which could handicap them in their industry going forward. The founder of Global Digital Forensics lends some expert insight into how hackers can leverage a single attack into a multi-faceted assault and some things businesses can do to minimize that risk.
The aftermath of the November 24th hack on Sony Pictures Entertainment has caused quite a stir, not only in Hollywood, but worldwide. As reported in the Los Angeles Times on December 18th, the ripples of that attack are starting a finger-pointing game which could put some high level executives’ very jobs at risk. But they are not the only ones affected, regular employees who had their email correspondences exposed could be in for some embarrassing times ahead, agents and lawyers could be in for some tough sledding now that their tactics and opinions have been dragged into the light, and even the movie stars Sony has worked with, or wanted to work with, may have second thoughts after some unflattering revelations, and that’s just the tip of the iceberg. Private thoughts by executives on the President with a racial lean surfaced, unreleased films were exposed and sexually biased pay scale questions have been raised.
“If there was ever a candidate for a case study on the many forms of devastation that can come in the aftermath of a single successful cyber attack on a business, this one would be high on the list,” says Joe Caruso, the founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions headquartered in New York City. “Just look at what has happened so far,” says Caruso, “class action suits are being discussed, activist groups of all stripes are up in arms and calling for answers - and heads, movie stars are venting their frustration in the main stream media and other social media sites, a movie premiere was cancelled, the public is in a froth, and even the government is looking into the possibility that this was a state-sponsored act of cyber terrorism and weighing potential responses. So you can bet this is going to cost Sony a ship-load of money before the dust settles for good.”
“What seems surprising from the public’s perspective is how easy Sony made it for these hackers to victimize them, but from an industry perspective, it’s really not so surprising at all. We see many of the same bad cyber security habits that have so far been exposed all the time when we are called in to do vulnerability assessments and penetration testing for new clients,” Caruso admitted. “These hackers now have terabytes of confidential information to leverage when, where and how they see fit, and the full extent of the devastation it will cause will not be able to be tallied for months, if not years. But hopefully, it will at least serve as a much needed wakeup call to other US businesses that poor cyber security habits and not having at least the fundamentals well covered can easily put an entire organization at risk on many, many fonts, and that it takes action, not just good intentions, to survive and thrive in today’s digital world.”
Once an attacker has the keys, everything is up for grabs
“The critical step for any attacker is to gain that initial access, which is most often accomplished through phishing and spear phishing emails which “con” the recipient into opening a malware laden attachment or clicking a link to a malicious site. Once an intruder has gained that initial access, they are free to move sideways through the network, and it’s all downhill from there. That’s also when bad security habits get magnified. Like in the Sony attack, once they were able to access emails, they found passwords to various accounts that were actually sent by email from one party to another. So in one shot, multiple accounts were compromised, and so on, and so on,” Caruso says. “It may seem old-school these days, but you’re probably much better off giving someone a call to talk about private things, because if you type it, anywhere, there is always a chance someone will get their hands on it eventually.”
Before, during and after an attack – Real cyber security experts can help you get through it
“With all the high profile hacks that have occurred over the last year making headlines one after another, it should be obvious to every business by now that there is no such thing as perfect protection, and if any cyber security expert tries to tell you otherwise, run away, don’t walk, because they are trying to sell you bad fiction, not truth,” warns Caruso. “The reality is that any organization can potentially be hacked, from your favorite family owned pizza parlor down the street, to the largest and most well-known companies and agencies on the planet. The real keys to surviving today’s cyber threat landscape are making the likelihood of being attacked as low as conceivably possible to start with by getting a firm handle on the basics, which will thwart over 95% of threats out there and help identify suspicious activity when it occurs, and having an effective emergency response plan in place to stop and eradicate any threat that manages to make it through as quickly as possible, which will be invaluable when it comes to minimizing the damage, protecting business integrity and customer trust, and controlling the costs of the aftermath which can otherwise spiral out of control. That’s what we help clients do every day, with over 20 years of real-world experience to back it up. So don’t wait until it’s too late, the right help is available, you just have to make the call.”
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.