On November 24, Sony Pictures Entertainment suffered a serious security breach in which massive amounts of information and intellectual property were stolen and leaked.
Weeks have now passed, and every day we’re learning more about this monumental hack and the implications it will bring about—not only for the tech and entertainment world, but for anyone with a computer.
A recap of the booty pilfered by the as-yet-unknown hackers is as follows: we’ve got US Social Security numbers of more than 47,000 current and former Sony employees, freelancers and celebrities; contracts, termination dates (with reason for firing) and other sensitive information (almost all of which was stored in Microsoft Excel files – without password protection); 1.1 million Social Security numbers (although many were duplicated); four as-yet-to-be-released Sony Pictures films including “Still Alice,” “Annie,” “Mr. Turner” and “To Write Love On Her Arms”; and the already-released Brad Pitt film, “Fury.”
Days after the attack, speculation was rampant that the perpetrators of the hack were from North Korea. The theory was that the small Kim Jong-Un led county launched the attack in response to the upcoming film called “The Interview,” starring James Franco and Seth Rogen. In the farcical film, Franco and Rogen play journalists who somehow get mixed up in a plot to assassinate Jong-Un. However, in a statement released Sunday December 7 by their National Defence Commission, the North Koreans are denying any involvement in the Sony breach.
“We do not know where in America the SONY Pictures is situated and for what wrongdoings it became the target of the attack nor we feel the need to know about it. But what we clearly know is that the SONY Pictures is the very one which was going to produce a film abetting a terrorist act while hurting the dignity of the supreme leadership of the DPRK by taking advantage of the hostile policy of the U.S. administration towards the DPRK,” the statement says.
It’s interesting to note that in North Korea, hackers are a handpicked elite and are treated royally. Kim Heung-kwang, a former computer science professor in North Korea who defected to the South in 2004, told Reuters, “They are handpicked. It is a great honour for them. It is a white-collar job there and people have fantasies about it.” North Korean hackers and their families are often given large, upscale apartments in Pyongyang, according to the report.
Maybe the attack came from the North Koreans and maybe it didn’t. Does it really matter? If some countries are treating their cyber criminals like heroes and are seeing major rewards for their hacking efforts, in North America we’ve got to place even more importance on information security. The implications of not doing so are far greater than the costs of prevention.
Look at Target and Home Depot, and now Sony. I’m not saying these companies didn’t have good security systems in place. Their systems just weren’t good enough. Somewhere along the line, corners were cut and money was saved. And then the hacks happened, and the ongoing costs have continued to skyrocket.
What does this mean for Sony? They’ll get over it, and they’ll persevere. It’ll cost them a bundle, but it’s a good learning experience. Their systems will improve and they’ll be more prepared when the next attack (and it will happen again: on Sunday evening their Playstation network was hacked) comes their way. The leak of the films was the most widely-reported aspect of the hack, but with the exception of “Fury,” none of the unreleased films are making a huge impact on file-sharing and torrent sites. For Hollywood, it’s a warning that if it can happen to Sony, it can happen to anyone.
For everyone else, this amounts to yet another student in an overstuffed class of We’re Not Paying Enough Attention To Security Online 101. We’re all carrying computers in our pockets 24/7, and so much of our data is stored somewhere in the cloud; most of us take our privacy and security for granted. If our privacy and security were the Academy Awards, we’d be presiding over it like James Franco. Yup, when it comes to security, we’re just sooooooo chill, man.
Sony is large enough to overcome something like this, but imagine if you or your small company fell victim to a hack of this magnitude. It’s never too late to put a wee bit more thought and effort into how we can call protect ourselves.