Sony Pictures hacking a wake-up call for businesses

John Thomas Lloyd, Principal Information Security Consultant, Logicalis Singapore | Jan. 16, 2015
This article highlights the impact of the Sony Pictures hacking, how ease of access and lax security safeguards set a dangerous precedent for the industry, and the steps businesses can take to mitigate a security disaster.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

Accusations of the Democratic People's Republic of Korea's (DPRK) involvement in the Sony Pictures leak are falling upon receptive ears despite a lack of solid evidence. After all, the attacks do bear some resemblance to those previously used against South Korea, and who else but the DPRK would get so upset about a film which is little more than a typical Seth Rogen/James Franco comedy?

Evidence like this sways public opinion, but experts are admitting it might never be possible to catch the hackers involved, much less formally charge the DPRK with wrongdoing. The reasons for this are why the case should be a wake-up call for all businesses with an online presence.

Hacking is no longer limited to the realm of the young or disgruntled. Petty vandalism has given way to organised collectives that lack any formal affiliation with a state or company and sell a variety of services to anybody able to pay. Governments are free to pursue their agendas in cyberspace while at the same time being able to deny involvement when acting irresponsibly, since any investigation will lead back to a group with which they have no formal affiliation.

Sometimes a tenuous link can be found, for example an alleged hacker going to school on a state scholarship, but finding actionable legal evidence to prove wrongdoing can be next to impossible in an age of escrow services and crypto-currencies.

Security loopholes are low cost and easy to exploit

Acting anonymously with a low risk of being caught is attractive to everybody and, unfortunately, the ability to conduct a sophisticated cyber-attack is easily within the average individual's budget. Just how easily can we exploit this vulnerability? In the past I have been able to source the hacking of my own social media accounts for as little as US$30. Some providers have offered to take a particular business offline for a day at a price of less than US$100. Up-and-coming security enthusiasts can receive detailed reports on the efficacy of their malware against modern security software or appliances for just fifty cents.

These groups are rightfully nervous about being caught in a sting, so first-time buyers may face difficulty in finding a contractor. The groups are also suspicious because security companies are known for buying attacks to gain intelligence on exploits, which they use to 'harden' their own applications. A dedicated buyer will eventually discover a contractor, and as the relationship proves successful in the long term, the communities will compete heavily for new business, making reputation one of the key differentiators amongst contractors. Unfortunately, these communities can thrive, in spite of the business activity they engage in, as there is always honour among thieves.

 
