CyberSponse CEO Discusses Sony’s Data Breach
As recently seen with Sony’s most recent breach, the costs of a breach and the resulting damage to the company if not mitigated quickly, can be devastating. Your company will experience Security Events in the future, and you need to be prepared. Security incidents, threats, email inbox overflows are just a few issues that may come your way and your company should be ahead of these issues before they occur. Proactive readiness is key. These incidents can cause some major issues for your company, get the Incident Management and Operations Management that you need with CyberSponse.
CyberSponse believes consolidated security operations and incident response workflows to resolve security incidents are vital in proactive security. An efficient system, with high technology systems, automation, and a single pane of oversight is the best way to ensure a great Security Operations System.
Reach out to CyberSponse today to prepare your company today. Visit our website to schedule a demo today.
Joe Loomis: …I think when you’re dealing with a large organization like Sony and you’ve got executive management, that has very high visibility of cybersecurity, they don’t really understand all of the details and impacts. I think that it’s safe to say that until a board-level representative shows up and explains to the board that this is the Swiss cheese that we deal with every day, that these organizations are going to be attacked and they’re going to be penetrated every day.
Interviewer: What changed? You’ve told me earlier that North Korea probably had these capabilities or the hacking groups, they probably had these capabilities even a year ago, so why now?
Joe: I think it’s poking the bear. I think that we created the perfect storm. Look at the reasoning that we gave that organization for the parody bit in the movie and the whole intention of making fun of a relatively prideful country. To me, it was our recipe for disaster. I think that there was a lot of bad decisions made and just applying common sense in regards to, “What is the risk model to this? Do we really want to make fun of a nation-state that has a young dictatorship that clearly understands the capability of the Internet? Well-funded, very smart individuals that work for him. Do we really want to mess with that guy?”
Interviewer: Can you explain to me the hacker group Unit 121?
Joe: Unit 121 is a highly sophisticated organization under the military branch of the People’s Republic of North Korea. What this group is designed to do is to advance their cyber warfare capabilities of either in detection, offensive and defensive strategy, as well as any type of military advantage that you might necessarily need when it comes to being a nation-state.
Interviewer: Tell us a little bit more. You told me earlier that maybe these guys are highly trained since the age of 16.
Joe: Look at it as if you took some natural prodigies of Internet programming. They come from a relatively suppressed, hardworking country, and then you give them benefits and rewards of doing great work, with maybe no moral standard of doing right or wrong.
Interviewer: What can companies like Sony do to protect themselves? You help companies all the time protect themselves, but what can a company like Sony do to protect themselves against this level of attack?
Joe: Educate your employees. Insider threat, even if it’s out of ignorance or incompetence, employees are your almost most dangerous asset in a way.
Interviewer: You used to help out Sony. You used to advise them. Did they seem to have a good grasp on this?
Joe: When we started, the Internet was just taking shape. No, not at all. I mean literally, we had our hands full, every consumer electronics division, every area of where Sony was relatively a big brand, back in the early 2000s, when it came to consumer products.
Let’s just say we were very busy because you’re dealing with a rapid exponential increase of dependency on the Internet. If we’re growing faster on Internet dependency than the competency of the board and the leadership, you have obviously a huge delta of risk and incompetence in an intellectual gap…