After forking out $170 million in 2011 for the PlayStation attack you would have thought Sony had learned its lesson. Now, just three years later, the empire is crumbling as a result of another ruthless cyber security attack. Unlike the last time when the cybercriminals were focused on obtaining the personal data of Sony customers, this time the focus is on sending a message and doing damage.
Officials are now blaming North Korea for the attack that began on November 24 when Sony’s entire computer and phone system became paralyzed. The reason? To prevent the movie The Interview, focused on a plot to assassinate North Korean dictator Kim Jong-un, from being released. The hackers were successful and Sony cancelled the release for Christmas Day. David Robb of Deadline has an excellent timeline detailing the events since November 24th leading up to the cancellation.
Sony is not alone in this type of attack. In February 2014, Sands Casino was hacked by Iranians as a result of the Sands CEO Sheldon Adelson’s comments defending Israel. This attack cost the company more than $40 million dollars. Are these types of state-sponsored attacks against private businesses going to become a trend?
The long and the short of it is that everyone is vulnerable and no company should maintain the “it won’t happen to me” attitude. It is critical to be proactive and integrate security into software at its core. This means focusing on security when the code is being developed rather than putting security band aids on code weaknesses down the road. Running application security testing tools to identify software weaknesses early on is essential in today’s world to defend against malicious cyber security attacks.