What the Sony Hack Has Taught Companies About Security

By We Photo Booth You

Reach Laura @BizReviewAu

The breach of Sony Pictures Entertainment’s security in November is proving to be far more prolific than anyone—especially at Sony—could imagine. Besides the gossipy bits (there is no way Leonardo DiCaprio could be “despicable”, thank you very much) a lot of important, serious information was released to the public and could have far-reaching ramifications for years to come. Information security is no joke, especially when personal information, more along the lines of US Social Security numbers than how the CEO felt about Angelina Jolie, is on the line.

Contracts, termination dates, termination reasons, salaries, home addresses and contact information for the stars made it onto file-sharing networks.  The downfall? Information was stored in Microsoft Excel files without password protection. This should be a huge red flag for any company that stores customer and employee information on computers that are connected to the Internet—basically, all computers.

"This is a common theme of corporations today," Todd Feinman, Identity Finder CEO shared with CNET. "They think they are protected by firewalls and perimeter security, but the border is becoming blurred, and attacks get through."

Read related articles on Business Review Australia:
Three Reasons Why Cyber Security Should Be A Priority For Company Directors
Why Information Security Departments Are Under-Resourced
[Infographic] The History Of Email: From M.I.T. to 1bn Gmail Accounts

To make matters worse, multiple copies of data were found, meaning the Excel spreadsheets were saved more times than necessary, and dramatically increased the security risk of the company.

"When you have multiple copies of this data, you are giving hackers multiple opportunities to steal sensitive information when they get through," he said. "If Sony had reduced its sensitive data footprint by reducing the number of copies of data and reducing the number of employees with access to the data, we would have seen zero or only one file."

Although nothing is guaranteed safe as the border continues to be “blurred”, there are several ways to make it harder for potential hackers to get into your system. Perhaps the most basic lesson: Don’t store passwords in the same places as your password protected documents. Consider investing in password managing software or apps, and keep these databases on machines separate from ones containing the documents or programs that need the password. Another separation tip: keep financial and healthcare documents separate from other data.

If you still think these few tips aren’t enough, don’t hesitate to invest in security upfront. Sony will spend a hell of a lot more money at this stage of the game to clean up the mess than the company ever would have if they had paid for tighter security upfront. 


Featured Articles

How India is bucking the global dealmaking downturn

M&A deal volume and value reach record highs in India in 2022, despite slower dealmaking globally – as scope activity and acquisitions in renewables surge

Create C-suite space for the Chief Transformation Officer

Responsible for driving growth and change, the Chief Transformation Officer is the latest addition to the C-suite as business undergoes major change

12 AI predictions for the enterprise in 2023 – Dataiku

With 2023 likely to be a huge year for AI, experts from AI platform provider Dataiku deliver their enterprise AI and ML trends for the year ahead

Welcome to the new breed of private members' clubs

Leadership & Strategy

Welcome to the New Age of the CISO

Leadership & Strategy

Making the UAE the world’s strongest digital fortress