Business Lessons Learned from Sony’s Pirate Attack
The hacking attack on Sony has been a commercial disaster for the film company.
In addition to the leaked emails, the disclosure of salary data, and the unfortunate disclosure of various private opinions about movie stars and upcoming films, the company’s stock price fell by double digits.
Sony’s business is, of course, entertainment and the media have had a field day with all the secret details about Hollywood celebrities. The late-night newscasts have developed into a soap opera, and the company’s attempts to plug the gaps have been futile at best.
It remains to be seen how all of this will play out in the long run, both internally and externally. Certainly, relationships with corporate executives have been maximized. Film producers and “A” list actors may hesitate to do business with the company.
While many cyber experts, including the FBI, have been quoted as saying that this attack was planned and executed with a very high level of sophistication, reports indicate that the company was not completely blocked from a possible breach.
In fact, your PlayStation network came under attack in 2011. Personal information about millions of PlayStation games was stolen. The network was inactive for weeks. Many wonder if these issues were ever fully addressed.
It is true that Sony is a global organization and high-level cyberattacks are more likely to target larger, more well-known companies. JP Morgan Chase and eBay were recent targets.
Still, most businesses of all sizes can take the right steps to ensure the highest levels of security protection are in place.
These include …
1. Invest properly in cyber security. Many large corporations do not allocate resources for high levels of security. They wait until disaster strikes and then make the appropriate investment in firewalls, anti-virus programs, etc. The same goes for smaller organizations. Unfortunately, smaller companies may not be able to easily bounce back as a multinational giant. Small businesses could lose sales, contacts, and key data. A small business can be idle for days or even weeks. Such a gap for a smaller organization could make the difference between guaranteeing a profitable year or falling into the “red.”
2. Prepare for a well-planned response. All companies must have a backup system in place. Off-site electronic backup using the cloud, for example, is a robust way to retain all logs and data in case logs are breached, stolen, or lost. Proper backup enables a business to maintain business operations with as little downtime as possible.
3. Creation of a crisis communication plan. Chances are, your business won’t come under intense media scrutiny in the event of a breach and important private data is made public. Even in this litigious environment, it makes sense to have a plan in place in the event of a crisis. This should involve a technology component to find out how the breach occurred and take appropriate IT-related actions to prevent it from happening in the future. It should also include a media component to adequately address inquiries from press and television reporters. The document should be periodically reviewed and updated. Hopefully this plan doesn’t need to be implemented, but it is money well spent in the event of a disaster.
The hacking attack on Sony is a good reminder that a breach attempt can happen to almost any company at any time. Executives should not hesitate to invest in the highest levels of Internet security no matter the size of the company.