Sony Network Breach Teaches Lessons for All Enterprises
NEWS ANALYSIS: It's a natural assumption that Sony Pictures was hit by a revenge cyber-attack from North Korea, but the fact is all enterprises are just as vulnerable as Sony.The idea that the government of North Korea is behind the recent attack on Sony Pictures almost reads like an effort to promote the upcoming movie, "The Interview." In the movie, the Central Intelligence Agency sends two bumbling journalists on a mission to assassinate the North Korea dictator Kim Jong Il, a plot that has apparently annoyed that ruler. Sony Pictures, the studio behind that movie, apparently is saying that North Korea is indeed behind the cyber-attack in November that took down company's computer systems during the Thanksgiving holiday period. However, there are competing claims from a group that calls itself the "Guardians of Peace." In any case, the attack on the company not only took Sony Pictures offline, the attackers also erased data and leaked Sony movies, some of them unreleased, on the Internet. However, nobody really knows for sure whether North Korea was behind the Sony Pictures attack. Nobody knows whether Guardians of Peace had anything to do with the actual breach, is a North Korean front organization or whether it's simply a bunch of wanna-be hackers claiming credit for something they didn't do. Complicating matters, nobody knows exactly how the attackers gained access, although there are a few theories.
As I found out when I interviewed Frank Abagnale, this is a situation in which someone clearly did something they weren't supposed to do. The identity of that person may never be known, but the fact is that Sony Pictures has a long list of employees and contractors, any one of which could have made a fundamental security mistake or who may have failed to beef up their security enough. Or as Abagnale has suggested, perhaps Sony Pictures simply didn't provide enough of the right training.