Responding to the Hack of the Century

For today’s medium to large enterprises, being hacked by outsiders has become a working reality. The challenge leaders face is knowing what to do about it.

Security has become a central focus for organizations as they attempt to quantify how much risk they are willing to tolerate and what measures they will employ to prevent an intrusion and to detect and mitigate the effects of a security event. At Datapipe, a core tenet of the value we provide customers is security. Datapipe partners with customers to ensure their cloud strategy includes the most recent tools and processes to address the risk posed by a security breach.

Fortune magazine recently published a seminal article on the details that led up to what the magazine describes as the “Hack of the Century”. This well-written article gives the details of the hack perpetrated on Sony, arguably in response to the movie The Interview, by a reportedly North Korean state-sponsored group named #GOP.

To execute the attack, it is believed the hackers gained access to Sony via “spear phishing”, which is tricking an employee into opening an email attachment or following a rogue website link. Once access to the company was obtained, the hackers were able to move relatively freely throughout the organization due to a lack of security controls such as multi-factor authentication. Systematically, and over a period of weeks, the hackers stole data and infected host machines throughout the company with a malware strain called igfxtrayex.exe. This malware went undetected by the company’s antivirus software. Once installed, the malware displayed an image of a skeleton while it did its damage, killing the affected host within two hours.

Here are just a few effects of the cyber attack:

  • Half of Sony’s global network experienced an outage
  • Hard disks were completely erased on 3,262 of 6,797 global PCs and 837 of 1,555 global servers
  • The wiping routine overwrote data seven different ways and then removed the machine’s startup software, rendering the machine effectively dead
  • Before the data was deleted it was stolen. This data included movie scripts, confidential email, salary lists and more than 47,000 Social Security numbers (SSNs)
  • Manual processes had to be adopted; for example, 7,000 employees had to be paid by paper check
  • Sony reported $41 million in losses by March 2015, not including lost movie revenue, breach investigation expenses, IT repairs and litigation (NOTE: the company reported $177 million in losses in 2011 due to a PlayStation Network hack)
  • The damage to Sony’s business reputation may be more severe, with criticism leveled at the company from numerous visible sources for its response of pulling the movie’s release

So what is a company to do? Sony would argue that it was hit with an unprecedented attack. That may be true, but a number of security procedures were not followed that could have mitigated the impact of the attack or made faster detection possible. As a managed service provider, we help customers ensure the integrity of their cloud systems. One of Datapipe’s key value propositions is that we can leverage our security expertise to shore up an enterprise’s systems and mitigate the impact of a possible security breach on its infrastructure environment. A few ways we do this:

  • Employee security awareness training – required employee training on security and compliance issues. It takes the mistake or malicious act of just a single employee for nefarious actors to gain access to your systems. Training won’t eliminate this risk, but it enlarges the pool of people who will notice and report something suspicious.
  • Continuous Audit – detect deviation from a known, accepted state
  • Intrusion Detection System (IDS) – flag suspicious activity in real time so that critical security decisions can be made promptly
  • Event/Log Monitoring and Management – track and respond to suspicious log activity
  • DDoS Protection – Distributed Denial of Service attacks are all too easy with the advent of the cloud. DDoS protection provides swift response and proven protection to prevent service disruption
  • Data Encryption – encrypt database and backup data so that a stolen copy is unreadable without the keys
  • Multi-factor Authentication – ensure only approved personnel can gain access to systems, even in public cloud environments
  • Web Application Firewall (WAF) – block common web-based attacks against web applications
  • Firewall and VPN Implementation and Management – track and manage firewall policies, ensuring only the intended ports are open and only to the intended sources
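The “Continuous Audit” item above is the control most directly aimed at the wiper described earlier: a host whose binaries and configuration drift from a known, accepted baseline is exactly what a dropped file such as igfxtrayex.exe produces. The following is an added example, written for this page and not Datapipe’s own tooling, of the simplest form of that check: take a SHA-256 baseline of a directory tree, take a later snapshot, and report what was added, removed or modified. The directory contents, file names and the “tampering” are all constructed for the demonstration (the dropped file borrows the malware name from the article; its location is invented).

```python
"""Continuous-audit example: detect drift from a known, accepted baseline."""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List


def hash_file(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> Dict[str, str]:
    """Map each regular file under root (relative POSIX path) to its digest."""
    result: Dict[str, str] = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            if full.is_symlink():
                continue  # a swapped symlink is worth flagging too; kept simple here
            rel = full.relative_to(root).as_posix()
            result[rel] = hash_file(full)
    return result


def diff_baseline(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify every path as added, removed or modified relative to the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> Dict[str, List[str]]:
    """Build a constructed tree, take a baseline, tamper with it, and report the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "service.exe").write_bytes(b"legitimate binary v1")
        (root / "etc" / "app.conf").write_text("listen=443\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")

        baseline = snapshot(root)  # the "known, accepted state"

        # Simulated changes after the baseline was taken (all constructed):
        (root / "bin" / "igfxtrayex.exe").write_bytes(b"dropped payload")          # new file
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n10.0.0.5 update\n")  # edited
        (root / "etc" / "app.conf").unlink()                                          # deleted

        return diff_baseline(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind:8s} {p}")
```

In practice the baseline is stored off-host (an attacker who can wipe the disk can also rewrite a baseline kept on it), the snapshot runs on a schedule, and any non-empty `added`/`removed`/`modified` list is raised as an event into the log monitoring pipeline listed above rather than merely printed.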

These services, when leveraged properly, could have materially changed the course of events at Sony. Additional security and compliance services from Datapipe are available to meet almost any company’s unique requirements.

Some companies may have all of these areas locked down and be diligent in developing their security programs to keep in step with new advances. As a large enterprise, you have likely already been hacked; the question is, what are you doing about it?