We’ve been reading the proliferation of articles on the cyber-attacks on Sony, and weighing up the associated facts and information on the web. One thing does seem clear – we think it is extremely unlikely that North Korea has actually carried out the hack.
On hearing about the hacking attack back in 2014, one of our 2-sec penetration testers thought then that it would be an “insider” job – for example, a recently fired ex-employee who knew all about the vulnerabilities in the Sony system and who had leaked these to a sympathetic hacking group. He thought that it might be some of the recently fired system administrators, or maybe sensitive data being leaked and distributed by contract software developers.
It appears to 2-sec that North Korea just doesn’t have the capability to carry out such a sophisticated attack. The more important question is how exactly the hacking group gained access to Sony’s networks and computers.
So, what can be learned from the Sony breach?
Well, first of all, these types of breaches and cyber-attacks are unfortunately going to become much more common into 2015 and beyond. Hacking groups, ex-employees, competitors and even nation states are expected to be targeting businesses, equally those with high profiles and those without, to inflict as much damage as possible, for a variety of different reasons.
Chris Phillips, Director of Physical Security at 2-sec and ex Head of the National Counter Terrorism Security Office in the UK, commented,
“This attack is unfortunately a real sign of the times – the new ‘normal’ as it were. Actually more importantly, we need to look at the hack as a useful tool to remind businesses of their need to do more cyber-wise to protect themselves.”
Sony obviously failed to secure its computer network even though it appeared to have known about its weaknesses for some time (especially since hackers had been able to disrupt its PlayStation network since 2003).
How many other companies in the UK and USA would be in the same boat, if they too were the target of a cyber-attack?
Surely these hacks show that preparing your company for the worst is one of the most important things you can do?
Now imagine the worst-case scenario: you have been hacked. Where will the most likely breach occur? Maybe your employees are your weak point and they have little understanding of cyber security basics. If your senior managers don’t understand how essential online security is to the reputation of your company, then the allocated budget for training and securing your network system is probably inadequate.
Just consider: Where is your most important information? How is it secured? Where are the weaknesses and vulnerabilities? Do your suppliers and contractors have robust security measures in place?
You can always consider cyber insurance to compensate your company for the fallout when a cyber-attack becomes public. Of course, such insurance premiums and the expectation of securing corresponding payments depend on how well your company is protected against cyber security attacks, and the type and breadth of cover needed.
One of the main points about the Sony hacking was that the attackers were able to stay under cover for so long, giving them time to assess the network, download files, and map weaknesses and vulnerabilities.
If you haven’t done so already, this very public breach of security should indicate that you need to write an IRP (a written Incident Response Plan) in order to identify WHEN and HOW your company has been hacked. A correctly prepared IRP will determine your company’s usual network behaviour, thus creating a baseline for your IT infrastructure activity. The IRP will also contain procedures to identify abnormal or anomalous network activity. With both in place, you can actually identify when an attack is occurring, and you will be in a position to respond.
Having identified all threats and prevented all dangerous network activity, you can start to restore the company systems and begin rebuilding your company’s reputation among clients, customers and your own employees.
So…creating an IRP may be one of the most important things you can do in 2015. It should reduce your cyber insurance premium, make improvements to your network and physical security and limit any legal liability in the case of an attack.
Be among the leaders in your industry and differentiate yourself from your competitors by showing how seriously you take cyber security and the safety of customer and supplier data.