The news that some high-quality unreleased movies under the Sony Pictures didn’t raise too many alarms, after all, some of these movies were already in theatres, yet what we now know about the inner workings of the mega-company is having consequences.
When we learned about the Sony hack, we were told that some big office movies, in particular The Fury starring Brad Pitt, which was downloaded 2.3 million times and the remake of the musical “Annie,” starring Jamie Foxx, which had been pirated more than 278,000 times, was the issue.
The hack has also produced some embarrassing internal communications, ranging from uninspired employees, gaps in pay based on gender and race, and personal information from more than 3,800 employees. The snatched information also revealed the salaries of Sony movie stars.
Hackers grabbed potentially millions of documents, and around 40 gigabytes of this information was made available to select journalists. Buzzfeed, an Internet news media company with a global audience, was able to gain access to the data and reported that the information includes everything from salary information to a document that “outlines the breastfeeding diet of a senior executive.”
Who did it?
North Korean has been accused of being involvement in the leaks, (they denied this outright) and there are reports linking the attack to a group associated with Pyongyang known as DarkSeoul, which swiped clean the computers of South Korean banks and broadcasters in March 2013.
While the FBI investigates, did it ever occur to Sony to protect their information? Of course it did, but did they do it? Yes, and No. I am sure they had a security defense system, but was it effective? Obviously not! Further investigation may reveal that the budget for security was either lacking or just didn’t exist.
In an article I wrote in August of 2011 for Security Week, security budgets are tight secrets should be even tighter, I point out that sometimes security officers are working with tight budgets and find it acceptable to have a “just enough to PASS” attitude.
In future reports I will explore why CEO and Chief Security Officers feel they need to be “cheap” when it comes to network security and where the future in security will need to be.
- A very large Data breach occurred at Sony Pictures. North Korea has been accused of being involved.
- The attack is linked to a cyberhacker group associated with Pyongyang known as DarkSeoul (which swiped clean the computers of South Korean banks and broadcasters in March 2013)
- Sony must have had a security defense system but it was not enough it appears
- CEO and Chief Security Officers worry about budget first.
I’m a government cleared cybersecurity expert (a Certified Ethical Hacker), and the Vice-President of Cyber at SIRCO, an investigations and protections firm in Montréal, Canada.
I’m also a frequent contributor to National & Global media reportage about cyber-crime, spying, security failures, internet scams, and the real social network dangers that families and individuals face every day.