Documente Academic
Documente Profesional
Documente Cultură
I.
EXECUTIVE SUMMARY
The company then asked for help from the FBI and some other firms that
offer cybersecurity services. During the investigation, firms and other
knowledgeable individuals commented that Sonys cybersecurity was weak
Page | 1
enough to leave the companys digital information into the hands of average
hackers. Norse Corp., a small threat-intelligence firm based in Silicon Valley
visited the companys site and found it unsecured, leaving all its information
vulnerable to any disguised person to enter the premises.
In its attempt to identify the perpetrator, with the close release of its movie
The Interview, depicting the assassination of North Koreas current leader,
Kim Jong-un, which then concluded by the FBI that it was the North Koreans
who attacked the company citing similar attacks to what had happened to
South Koreas digital infrastructure in 2009 known as DarkSeoul.
II.
Michael Lynton, CEO of Sony Pictures Entertainment at that time has been
having a hard time leading the company from its pitiful financial performance
over the past five (5) years, he said to a friend. Due to consecutive
disappointed earnings from famous franchised movies, the company had
been suffering losses over the years. Lynton faced a much bigger problem
when hackers attacked his companys digital data on November 24, 2014.
Clueless of what hit them, they told the public that they see themselves as a
blameless victim.
Page | 2
seek
to
intrude
and
collect
information
from
significant
companies. But that was not the case to Sony Pictures. When Norse Corp.s
team visited the companys site to assess its cybersecurity 21 days before
the attack, the team found it very susceptible for unauthorized persons
intruding the place. Also, leaving the computers operating and logged in
without anyone to watch over the place, anyone could disguise and invade
the site easily. Sonys traditional virus-detection software has left the
company unprotected for its database only identifies previous threats. J. Alex
Halderman, a computer science professor at University of Michigan
commented that corporate networks should have had detection software
that can identify unusual activities within the network. Kevin Mandia, a
forensic expert, COO of FireEye, cybersecurity vendor, came up with the
statement that the hackers patiently copied company data over several
weeks from various company servers to attackers controlled locations. Sony
did not employ two-factor verification as well. Furthermore, earlier before the
attack, Sony made a movie with Seth Rogen and his producer Paul Goldberg,
The Interview, depicting the assassination of North Koreas current leader
Kim Jong-un. Being warned by experts to strengthen cyber defenses because
North Korea has an army of cyber warriors, Sony instead pulled out
marketing plugs that they think might cause conflicts with the North Korean
government.
Page | 3
As the company struggles through rough waters in its attempt to please its
investors in making more money in the future, Sony then proceeded with the
movie anyway. It was released on Christmas day, 2014. It had a hard time
launching the movie due to the hack that had occurred which caused
postponements of its release and refusal of theatres and online movie rentals
due in their fear of being the next victim of the hack.
III.
Due to its lack of security from its physical site to its IT infrastructure, the
perpetrators had found it easily to penetrate Sonys entire network.
Hence, leaving them vulnerable even to an average hacker, Ed Skoudis
commented, a white hat hacker. The company has had weak to average
cyber security controls to its information from its employee records, top
executives
exchanges,
unreleased
movies,
to
its
financial
information and future plans. Sony had not adopted the most recent cyber
security software that could potentially detect intrusions within the
network, they had not adopted a two-factor authentication to at least
make it difficult to hackers to penetrate personal information of their
employees in fear of a costly investment in cybersecurity rather than
seeing to it as a beneficial factor in future times.
Page | 4
With its profit continuously declining over the past seven years for
disappointed expected earnings from costly franchised movies, David
Loeb, a hedge fund investor of Sony said that the company is poorly
managed and badly positioned for the future.
IV.
Page | 5
V.
VI.
EXTERNAL SOURCES
https://en.wikipedia.org/wiki/Sony_Pictures_Entertainment_hack
https://www.riskbasedsecurity.com/2014/12/a-breakdown-andanalysis-of-the-december-2014-sony-hack/
http://www.vox.com/2014/12/14/7387945/sony-hack-explained
http://fortune.com/sony-hack-part-1/
Page | 6
http://www.thewrap.com/11-sony-hack-shockers-from-explosivefortune-magazine-cover/
Page | 7