Dealing with attacks, intrusions, and data thefts is now a part of doing business for many organizations. Threats like these are a regular problem that organizations have to face, and the consequences of an incorrect defense strategy quickly become apparent.
The recent attack on Sony Pictures highlights this problem. In late November, the company’s corporate network was breached by a group calling themselves Guardians of Peace (#GoP). An image first posted on Reddit added that an image was displayed on every employee’s computer which carried a message from the hackers that demanded that their “requests be met”.
The hackers claimed that they were in possession of several ZIP files with confidential employee data that included their names, profiles, salaries and date of birth. Other information that was allegedly stolen was the personal information of celebrities starring in various Sony Pictures films. Five full-length films that have not yet been released were also leaked to various fire-sharing sites.
The response of Sony Pictures to this incident is also worth highlighting. The typical response to a high-level attack of this nature is meant to allow an organization to properly investigate an existing attack with the minimum disruption necessary to an organization’s day-to-day activities. However, existing reports about this attack indicate that they responded by disabling the entire corporate network. In addition to severely disrupting day-to-day business activities, this also makes investigating any attack more difficult.
Typically attackers of corporate networks are thought of as interested in stealing ether money or information. This attack reminds IT administrators that some attacks may be designed primarily to disrupt the activities of the target organization – in effect, hacktivism writ large. Organizations must consider this and defend their networks accordingly.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).