The Sony hacking and subsequent threats to the company and its supply chain, has become the biggest information story of 2014; in a year of many high profile incidents. What started out as ‘yet another breach story’ a few weeks ago rapidly developed into a very real business continuity and reputation threatening incident.
On December 19th the FBI published an update on the Sony cyber attack. The highlights include:
- “In late November, SPE [Sony Pictures Entertainment] confirmed that it was the victim of a cyber attack that destroyed systems and stole large quantities of personal and commercial data. A group calling itself the ‘Guardians of Peace’ claimed responsibility for the attack and subsequently issued threats against SPE, its employees, and theaters that distribute its movies.”
- “The FBI has determined that the intrusion into SPE’s network consisted of the deployment of destructive malware and the theft of proprietary information as well as employees’ personally identifiable information and confidential communications. The attacks also rendered thousands of SPE’s computers inoperable, forced SPE to take its entire computer network offline, and significantly disrupted the company’s business operations.”
- “After discovering the intrusion into its network, SPE requested the FBI’s assistance. Since then, the FBI has been working closely with the company throughout the investigation. Sony has been a great partner in the investigation, and continues to work closely with the FBI. Sony reported this incident within hours, which is what the FBI hopes all companies will do when facing a cyber attack. Sony’s quick reporting facilitated the investigators’ ability to do their jobs, and ultimately to identify the source of these attacks.”
- “As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions.” “While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:
- “We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States.”
The Sony attack will send shivers down the spine of business continuity managers but, if nothing else, it serves to emphasise just how important it is for business continuity managers to get involved in information security. It’s too important an area to simply trust that the IT department, or even a dedicated information security team, will have covered all the bases. It’s time to destroy the siloes once and for all.
Make a comment
•Date: 22nd December 2014 • World •Type: Article • Topic: ISM
To submit news stories to Continuity Central,
e-mail the editor.
Want an RSS newsfeed for your website? Click