Thoughts on the Sony Pictures Data Breach
added: 12.09.2014, by Hiro Kataoka
Sony Pictures Entertainment is the latest high-profile victim of a cyber-attack that has caused it much damage and embarrassment. The breach resulted in tens of thousands of confidential documents being posted on the Internet, revealing everything from the Social Security Numbers of Sony employees to the home addresses and compensation plans of Sony executives and rips against Alan Sandler. The leaks even produced documents that did not belong to Sony—documents from consulting firm Deloitte that had somehow found their way onto a computer inside Sony, disclosing compensation data on Deloitte consultants across the country.
There is little doubt that Sony invested a lot of resources to protect its network from malicious attacks, but as has been proven time and again, cyber-criminals are still one step ahead of the tools and techniques being deployed to thwart them. They are talented, motivated, and well aware of the vulnerabilities that can give them a way inside even the most stoutly defended IT systems.
But it is one thing to be hacked; it is another to have confidential documents posted all over the Internet. We have long preached the importance of protecting both the network (the container), and the documents (the contents) to minimize the data breaches that happen as a result of the attack. It appears that Sony (and Deloitte) did not get the message. While we cannot say whether the attack itself could have been blocked, it is clear that if the leaked documents had been protected with some form of document protection, we would not be seeing them online.
If Deloitte had been more careful in protecting the documents it gives to its employees, it is likely that those documents would not have been at Sony, and as a result would not have ended up on the Web. Responsible handling of sensitive documents, including protecting them when necessary, is the only way of maintaining the security and integrity of information in this everything-connected age.
While perfect security may be the Holy Grail, we can all take small steps towards more responsible information management. If a document is important, and you don’t want it all over the Internet, put it in a safe place—and don’t forget to HoGo it!