Sony hack sparks major global alert

Attack, which investigators believe is linked to North Korea, culminated in cancellation of film

Signage is displayed at the Sony Pictures Entertainment   studios in Culver City, California.  Photographer: Patrick T. Fallon/Bloomberg
Signage is displayed at the Sony Pictures Entertainment studios in Culver City, California. Photographer: Patrick T. Fallon/Bloomberg

Companies across the world are on high alert to tighten up their network security to avoid being the next firm brought to its knees by hackers like those who carried out the dramatic cyber-attack against Sony. The hack, which investigators believe is linked to North Korea, culminated in the cancellation of a Sony film and ultimately could cost the studio hundreds of millions.

That the hack included terrorist threats and was focused on causing major corporate damage, rather than on stealing customer information for fraud, such as in the breaches at Home Depot and Target, indicates a whole new frontier has emerged in cyber-security. Suddenly every major company could be the target of cyber-extortion. "The Sony breach is a real wake-up call even after the year of mega-breaches we've seen," said Lee Weiner, Boston security firm Rapid7's senior vice president of products and engineering. "This is a completely different type of data stolen with the aim to harm the company."

This should signal to all US businesses that they need to "take cyber-security as serious as physical security of their employees or security of their physical facilities," said Cynthia Larose, chairwoman of the privacy and security practice at Boston law firm Mintz Levin. The breach is particularly troubling in Hollywood, where secrecy is supposed to be paramount to insure that movie secrets worth millions are not leaked.

"Movie studios have, by and large, behaved as high-security intellectual property purveyors; prints have been tightly controlled, screeners are watermarked, and bootleggers are prosecuted wherever possible," said Seth Shapiro, a professor at the University of Southern California's School of Cinematic Arts. He said what made it so surprising was that email leaks showed Sony executives apparently gave out passwords in unencrypted emails and made other security blunders.

READ MORE

“The apparently laxity of Sony IT security — given the history of prior hacks - is unprecedented in the history of media technology,” he said.

Sony’s PlayStation network was hacked in 2011. Studios are trying to tighten up procedures in the wake of the Sony attack. Warner Brothers executives have ordered a company-wide password reset and sent a five-point security checklist to employees advising them to purge their computers of any unnecessary data.

"Keep only what you need for business purposes," the message, in an email seen by The Associated Press, said. Even so, some say there is little corporations can do to prevent such a sophisticated attack. The key may lie more in detection and limiting damage. "There are very few companies that can withstand that kind of large assault," said Rich Mogull, an analyst with security firm Securosis in Phoenix, Arizona.

“But a lot of companies do need to improve what they’re doing on security, I see it every day with companies I work with.”

AP