Lessons Learned in the Wake of the Sony Hack

December 19th, 2014
Lessons Learned in the Wake of the Sony Hack

By Naomi Dolin-Aubertin

The hits just keep on coming for Sony Pictures in the wake of a massive hack of their systems on December 2nd. Rumors are that 100 terabytes of data were stolen from their systems. What sets the Sony hack apart from others is the malicious intent to destroy the company, as profit does not appear to be the main motivation.

One of the arguably worst impacts has been to the individual employees within Sony. While Sony's data was badly protected all around, the lack of security surrounding confidential employee data will have lasting repercussions on lives of thousands of current and former employees and their families.

So what are the lessons we've learned in the wake of this data breach?

1. All companies need to take a comprehensive look at their security measures.

This wasn't the first time Sony has been hacked. According to a Time article:

FireEye, the parent company of the cybersecurity firm Sony hired to probe the hack, studied the network security of more than 1,200 banks, government agencies and manufacturers over a six-month period ending in 2014, and found that 97% had their last line of defense breached at some point by hackers.

The fact of the matter is that even the best security can be undermined by an employee clicking on an infected link. In Sony's case, they compounded the risk by storing usernames and passwords for more secure data in a file labeled as usernames and passwords.

2. The debate about the wage gap? I think it's been settled.

In a very well-written article in the Washington Post, Sally Kohn explains how even high-powered, famous, and talented women in the movie industry are being paid about 30% less than their males colleagues. Subcontext: if box office stars aren't receiving equal pay, how is the "average" woman supposed to compete?

3. Don't talk about your coworkers over email.

Talking about coworkers or the people you do business with over a documented source, such as email or IM is a bad idea in the workplace. As the Sony leak has shown, a lot of people are dealing with the consequences of office gossip writ large on a very public screen. It doesn't help that the people they're talking about are movie stars and presidents.

4. Whether or not North Korea is responsible for the attack is irrelevant.

This is entirely my own opinion. While it would be an unprecedented (public) attack by a nation against a large American company, the fact of the matter is, it doesn't matter whether North Korea was behind the attack or not. Of course, finding (and bringing to justice, if possible) the perpetrators of this crime is important. However, what these hackers have done is provide more reasons why companies need to take a serious look at not only their IT infrastructure, but also the policies, practices, and budgets surrounding how they protect their data.

We're here to help you put your security to the test and help you make your data more secure.

Feature image from pippalou.

Leave a comment!

Your email address will not be published. Required fields are marked *