The Sony Entertainment cyberattack is not yet old news. On the contrary, the breach is still affecting the idea of cybersecurity and how important it is for organizations to have protection in place. The mystery of who was behind the attack on Sony is in no way solved, and the incident created new fears that companies have to face, including the awareness of holes in their systems and employees who are willing to give up sensitive company information.
These fears are causing many to scramble to find a perfect cybersecurity solution, but there isn't one out there. Hackers are evolving nearly as fast as security tools, which is exactly what makes the implementation of cybersecurity so difficult. If cyberterrorists can break into Sony Entertainment as easily as they did, it seems as though almost no company is safe.
Attacked from the inside
The Huffington Post described how former employees of Sony Entertainment are expressing concern that the cyberattack originated from someone within the company, or that someone on the inside was deeply involved.
The idea that the attack originated from North Korea was confirmed by the FBI last month, and the country did face repercussions, as President Barack Obama put sanctions in place against North Korean officials and companies. However, that has not stopped some Sony associates from believing that an individual involved with the company helped North Korea.
"It's virtually impossible to get that information unless you are an insider, were an insider or have been working with an insider," Kurt Stammberger, senior vice president at Norse, a provider of cybersecurity for financial services, technology and government, told The Huffington Post. "That's why we and so many other security professionals are convinced an insider played an important role." There has been a counter-argument that a cyberattack of this caliber can most certainly be done remotely without any inside help. But Marc Rogers, head of security at hacker conference Defcon, told The Huffington Post that the issue with all of these claims - even the FBI's - is a lack of evidence.
New strategies, new fears
Despite the differing ideas on what happened to Sony, everyone can agree on one thing: Cybersecurity needs to be taken more seriously. "Service providers like Yahoo, Google and Dropbox are offering bounties for vulnerabilities because it's a better deal for them. Paying a thousand dollars to find [an exploit] is money well spent," HD Moore, chief security officer at Rapid7, a security vendor, told TechCrunch.
In fact, these costs are crucial. Cybersecurity methods that were optional years ago are now necessary, such as email encryption and compliant email. Many professionals suggest layers of cybersecurity to ensure that there is backup upon backup in case the worst happens.
These strategies are born from the major attacks on companies such as Sony, Home Depot and JP Morgan. TechCrunch reported that although many want to avoid being the next victim of a similar cyberattack virtually every business seems extremely vulnerable.
Finding a complicated solution
TechCrunch highlighted how many organizations aren't putting enough energy into protecting themselves from cyberattacks. The typical reaction to a breach has been to Band-Aid the loophole that facilitated the specific incident and move on. Instead of taking this approach, an enterprise should look to prevent all types of breaches from occurring, not just the ones it has experienced.
"An attack happens, and they plug it. They don't invest proactively to stop a class of threats in a fundamental manner. It's not like they don't try to aggregate threats and think ahead, they do, but by and large, they respond like an immune system. Nothing happens until a virus comes in and they address it," Andre.
This common reaction may be due to the desire to find a simple answer rather than facing the hard fact that cybersecurity is extremely complicated and can't be accomplished with a onea solution. Just fixing one issue helps a company feel in control, but instead, an organization should work to lessen its pride and bring in a third party to help implement a system, such as a secure email provider for basic cybersecurity solutions.
David Cowan, a partner with venture capital firm Bessemer Ventures, likened the attitude companies have about cybersecurity to a fence with many holes: When a criminal breaks in through one hole, a firm covers that specific opening and puts cameras on it. But if the business pulled back and looked at the big picture, it would be able to see that there are many other holes to cover and criminals to watch out for. The only good thing that has come of the recent various cyberattacks is that more and more companies are stepping back and taking cybersecurity seriously, a development that could be considered the situation's silver lining.
David Bailey is Senior Vice President at Protected Trust.
Protected Trust is a sponsor of the Print4Pay Hotel. I urge members and readers to visit their site to see their full line of products and services. More and more we need to provide well rounded strategic solutions for our customers. Protected Trust offers some unique solutions that can help us in our day to day efforts. Check them out here.