
On the Sony Breach and How to Prepare for Destructive Cyber-Attacks

12/05/2014  |  By: Jason Riddle, CISSP, President, Information Security



  Recently, Sony Pictures Entertainment experienced a data breach that is in many ways unprecedented – and may serve as a harbinger of attacks to come. This new breed of breach can be particularly pernicious, but organizations can take some basic steps to mitigate the potential damage.

What this attack means

As of this writing, many details about the attack on Sony remain hazy. The likely effects of the breach are highly visible:

  • Five feature films were pirated and placed on file-sharing networks, including the currently unreleased “Annie.”

Possibly obtained from “screeners” prepared for entertainment industry critics, these thefts represent something of an outlier from most film piracy – it is not common for major studio releases to be pirated in advance of their theatrical releases.

  • Sony employees’ personal data was released.

What the hackers described as “tens of terabytes of data” was posted on the upload site Pastebin, including Sony employees’ salaries, Social Security numbers, passwords, and more.

All indications are that this was a highly targeted attack. Some evidence suggests that the threat originated out of North Korea, potentially out of retaliation for the release of a forthcoming Sony Pictures Entertainment film depicting an attempt on the life of Kim Jong-un. Regardless of its origin, the attack – coming on the heels of another major breach at Sony – has made a serious impact on the company’s employees and image.

But what does this mean for other companies and organizations?

Destructive attacks

Shortly after the Sony attack made headlines, the FBI sent a private “FLASH” advisory to a variety of companies. This advisory warned of a particular type of malware that destroys data on victims’ hard drives, making recovery difficult or impossible.

For companies, this malware represents a serious threat that may become more and more prevalent. Losing sensitive data can be very costly – and also makes investigation of breaches much more difficult. Often, hackers leave some of their most revealing footsteps and fingerprints on their victims’ hard drives. But with this malware, they burn down the bank after they rob it, eradicating any clues they might have left there.

Increasingly, it seems that hackers have identified organizations’ access to their own data as a point of vulnerability and potential profit. We’ve seen a spate of recent attacks in which hackers encrypt a company’s data, and then hold that data hostage for a ransom.

How, then, can companies protect themselves?

Safety measures

A strong, comprehensive security strategy based on detailed risk assessment is essential. But in the meantime, there are two key measures that organizations can take to minimize their vulnerability to a destructive attack like the one that seems to have been made on Sony.

1) Ensure that you have effective backups of essential data. Make backups of important data and store these records with their own unique security measures or even on hard drives without a persistent network connection. With reliable backups, your organization will be much less vulnerable in the case of a destructive attack or a “hostage” situation.

2) Restrict access to critical files to the highest practical degree. Often, more users than necessary have access to critical files on a given network. But the more users who have such access, the more risk of a breach. Identify who needs the data readily available and who does not, and restrict user accounts accordingly. This can help mitigate the risk of intrusion and attack.

As always, preparedness is paramount. By assessing crucial data and the best ways to preserve and protect it, organizations may be able to give themselves the support they need to stay on their feet in the event of a cyber-attack. In today’s security environment, such preparation is increasingly necessary.

Check out our free guide, Breach: Network Security Best Practices for Prevention, Detection, and Response, for more information on ensuring the safest network security for your firm.
