Why the Sony Hack Is a Serious Cyber-War Escalation

by Don Reisinger

Don’t forget that Sony has supposedly bolstered its network security as a result of an earlier massive network intrusion. Just a few years ago, Sony’s PlayStation Network service was hacked resulting in the theft of customer data and forcing the company to shut it down for several weeks. Sony indicated at the time that it had significantly improved its IT security. But if the latest hack is any indication, it didn’t establish the same level of vigilance across all divisions.

It’s a scary day when the first response to a hack is to turn everything off. According to report, Sony Pictures went dark as soon as the hack was discovered, leaving employees to fax and send personal notes to handle business. Phone service was available, luckily, but using email or accessing corporate data was forbidden. As of this date, Sony is still working to restore its network services. The company’s radical action to shut down its network demonstrates the devastating effect such an attack could have on any company’s IT infrastructure.

There is even more bad news in the fallout from the Sony hack. According to the FBI, there’s a significant chance other companies will fall victim to the same attack. The FBI says that the malware attack used in the Sony Pictures hack can readily be used to attack any corporate network. In fact, it’s believed the same malware has been used before in similar hacks.

The cost to Sony Pictures could be a massive concern for the company as it looks ahead to the next few months. The issue is that most of the films that have been leaked online by the hackers have yet to actually hit theaters and they’re actively being downloaded on sites. According to one report from Carnegie Mellon University in 2011, such leaks can cost companies up to 19 percent of the revenue they would have otherwise generated just on box office sales.

One theory that has gained credence is that North Korea is responsible for the attacks on Sony Pictures seeking revenge for the impending release a film, called “The Interview,” a comedy about a hare-brained plot to assassinate North Korea leader Kim Jong-un. North Korea has said that it would retaliate for the film, and some believe that the attack on Sony is just that.

There’s no doubt that the possibility of a government-sponsored hack is very real. For years, we’ve been hearing reports that several countries around the world, including the United States and China, have been actively engaging in cyber-warfare. China has been charged with targeting companies to steal intellectual property and secrets. North Korea has come on the scene more recently, but has already established an intelligence division called Unit 121 that takes aim at foreign networks.

Looking at the rash of attacks that have impacted companies and consumers over the last several years, it appears as though nothing is safe from the hacking onslaught. From credit card information stolen from Target stores to movies stolen from Sony Pictures networks, no corporate or government network appears to be safe from cyber-attacks.

The sheer number of hacking groups that have hit the Web to take on companies is staggering. There’s Anonymous, and for a time LulzSec was prominent. Now, the latest group to grab headlines is #GOP, or the so-called “Guardians of Peace,” who are believed to be behind the Sony Pictures network intrusion. As hacking groups evolve and new ones emerge, it’s harder than ever for enterprises to defend themselves from the latest threats.

There should be some concern that the security community isn’t keeping pace with hackers. While numerous security firms have traced the techniques used by hackers, new avenues of attack always seem to appear. Even spending millions of dollars on securing networks just isn’t enough to permanently solve the problem. The security community appears to be behind the hackers, which is frustrating.

A recent study conducted by Pew Research Center indicated that 90 percent of Americans believe that they’ve lost all control over their personal data, indicating that they feel helpless against the ongoing spread of malicious threats. Simply put, 90 percent of Americans are putting personal data into the care of corporate custodians of one sort or another, even as they fear it could fall in the hands of cyber-criminals. That’s extremely worrisome and something that shouldn’t be overlooked, as those of us who have sustained some of the collateral damage in the cyber-warfare know.