Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Be scared: The Sony-style hack is no rare event

Roger A. Grimes | Dec. 11, 2014
Only the wanton destructiveness of the Sony attack made it an outlier; the scale was not uncommon. Maybe the bad publicity will be a wake-up call

Last week the media was in full meltdown over the Sony hack, particularly the company's loss of 100TB of data, including unreleased films. Worse, personal information was exposed, including Social Security numbers and addresses for thousands of current and past employees, as well as Hollywood stars.

Sony employees have received threatening emails from the perpetrators. The entire company is in a multiweek digital shutdown. It doesn't get any worse than this.

Was North Korea the attacker, bent on revenge for Seth Rogen's latest film, "The Interview," which features a CIA plot to assassinate Kim Jong-Un? We'll probably never know for sure.

But there's no disputing -- I speak from experience -- how common this sort of hack is. A hack that exposes 100TB of data on the public Web may be unusual, but only in the above-average quantity of data and the intent to embarrass and financially damage a company, rather than quietly spirit away information that can be used to steal money and/or intellectual property.

In truth, hundreds of terabytes of data are stolen from companies all the time. I personally know of dozens of companies where hundreds of gigabytes of data are stolen every day, with an average of about eight months elapsing before a breach is discovered. This seems par for the course when I investigate an APT (advanced persistent threat). The only difference is that the stolen data is kept and used by the hacker instead of posted on the Web.

At least Sony knew what was stolen right away. Sony understood the damage and closed the holes -- at least temporarily -- by shutting down its network and computers. Most companies that discover they've been hit find hundreds of gigabytes of stolen data in a single day's maliciously exported data file -- then must figure out what else was stolen and when. In a way, Sony is lucky.

The sad truth is that almost any company could be Sony. No company connected to the Internet could have stopped an attack like this one. Most wouldn't have a clue it occurred. The majority of companies are completely pwned by one or more hacking groups, and those that aren't could easily be broken into in an hour or less. The overall state of computer security at most companies is pathetic.

By turning off its network for a few weeks, Sony is responding more aggressively than most companies would. Ultimately, I'm betting Sony will follow the same pattern set by other big companies hit over the last few years (Home Depot, Target, and so on): fire the old guard, hire new "experts," and spend tens of millions of dollars on new security systems.

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.