Sony Pictures Entertainment was hacked in late November by a group called the Guardians of Peace. The hackers stole a significant amount of data off of Sony’s servers, including employee conversations through email and other documents, executive salaries, and copies of unreleased Sony movies. Sony’s network was down for a few days as administrators worked to assess the damage.
According to the FBI, the hackers are believed have ties with the North Korean government, which has denied any involvement with the hack and has even offered to help the United States discover the identities of the hackers. Various analysts and security experts have stated that it is unlikely that the North Korean government is involved, claiming that the government likely doesn’t have the infrastructure to succeed in a hack of this magnitude.
The hackers quickly turned their focus to an upcoming Sony film, “The Interview”, a comedy about two Americans who assassinate North Korean leader Kim Jong-un. The hackers contacted reporters on Dec. 16, threatening to commit acts of terrorism towards people going to see the movie, which was scheduled to be released on Dec. 25. Despite the lack of credible evidence that attacks would take place, Sony decided to postpone the movie’s release. On Dec. 19, President Obama went on record calling the movie’s cancellation a mistake. The movie was released online and in a limited number of theaters.
Although much of the attention over the hack centered on the cancellation of “The Interview”, information has been released that claims Sony knew its network was prone to a large cyber event. In late 2013, the company was warned that hackers were stealing data on a weekly basis, and then encrypting it to hide their tracks. This discovery was made as part of a review of Sony’s cyber security practices after the company struggled with security on its PlayStation network. The personal data of 77 million PlayStation Network users was compromised in 2011, but, according to two people familiar with the incident, Sony did not conduct an audit afterwards to determine just how much data was stolen.
In addition, an audit of Sony by PricewaterhouseCoopers from July 14 to Aug. 1 found that one firewall and more than 100 other devices were not being monitored by the company’s corporate security team, but instead by the studio’s in-house group. Auditors alerted Sony that this inefficiency could lead to slow response times, should an attack occur. Results of the confidential audit were released as a part of the hack in late November.
Security experts believe the hack could cost Sony a minimum of $100 million, possibly even reaching double that amount.
The attacks on Sony just reiterate what security experts have been saying for years—prepare for the worst by implementing strict cyber security protocols and having a sound cyber security insurance policy for the worst case scenario. Contact Warren G. Bender Co. today to discuss your cyber security insurance options.