Sonys cyber attack
The hack is historically unique and exceptional because the perpetrator was suspected to be the North Korean Government. Indeed, the hacker’s IP address was traced and found to have originated in North Korea (Inkster, 2015). Nonetheless, it is interesting to note that the reason for the hacking of Sony Pictures Entertainment is a movie titled ‘The Interview. ’ Prior to the attack, the government of North Korea had warned the United States government of sever and decisive countermeasures, if they failed to cancel the release of the film, ‘The Interview. ’ The failure of the government to respond was followed by an attack on Sony Pictures Entertainment. The incident forced Sony Pictures Entertainment to take its network offline as GOP began posting movies, social security number, personal information and salaries to the internet.
On 21st November, 2014, an email was addressed to the CEO of Sony Michael Lynton, Amy Pascal, the chairman, and other executives demanding for monetary compensation to avoid a great damage. On 24th November, information began circulating stating Sony Picture Entertainment has been hacked and their nationwide network taken control of by a group called The Guardians of Peace (Sharp, 2017). In addition, the hackers stole sensitive data from the company which they would slowly begin to release. Despite the apparent concerns, Sony Pictures Entertainment opted to release the movie on 25th December 2914. The company simply claimed the attack was very sophisticated. What Sony could have done In 2011, Sony Pictures Entertainment decided to conduct an upgrade of its computer systems. Following a previous Cyber-attack that threatened to end Sony’s Play station network, the company also decided to fix know security gaps.
Regardless, such efforts proved futile three years later. Securities protocols undertook by most companies often have a short life-span. In Sony’s case, identification of spear-phishing as a weakness targeted by the hackers demonstrates how the company failed to be aware of the breach (Whyte, 2016). The first step should have been for the employees to undergo Phishing training. Nonetheless, such a step does not help in regards to other human failings which can be exploited, thus, phish training alone cannot help prevent an attack. Such failings include password reuse, and over-sharing on social networks which opens up the company to certain vulnerabilities. Therefore, in addition to phish training, a competent awareness program could help address the issue. Conclusion Even though it may be challenging to prepare each employee for every possible calamity, with each awareness campaign, the employees eventually become aware on how to protect themselves from cyber criminals or respond to most vulnerability, despite lacking previous training in regards to a given hazard.
At the same time, awareness programs should be as inclusive and comprehensive as possible. In doing so, employees become aware of more and more issues that are popping up everyday. Sony’s cyber-attack can be a great example to many organizations. Regardless, making the best use of GOP’s attack on Sony Pictures Entertainment as a learning experience and source of motivation for organizations to improve their security programs, professionals and all those involved in the creation and implementation of security programs, software and protocols should work together to ensure technological solutions are as comprehensive as possible. What Do We Know About Past North Korean Cyber Attacks and Their Capabilities. Center for Strategic & International Studies, Korea Chair Platform, 1-2. Sharp, T. Theorizing cyber coercion: The 2014 North Korean operation against Sony. Journal of Strategic Studies, 40(7), 898-926.
From $10 to earn access
Only on Studyloop
Original template
Downloadable
Similar Documents