Have you taken a few minutes to read about the recent North Korean hack of Sony Pictures? Once you’ve been sufficiently amused by the leaked digital dust-ups that involved top Tinseltown executives, there’s really only one conclusion you can draw.
It’s not funny at all.
Sure, the name-calling and posturing was mildly entertaining. But the hack is no laughing matter: Today’s threat landscape is Hollywood horror film scary.
Despite all the resources at its disposal, a major movie production studio failed to protect its prized intellectual property. The list includes sensitive emails, movie trailers and celebrity pseudonyms. Sony’s very expensive and private assets were made very public.
Forget momentarily that the Sony hack shines the spotlight on the entertainment business. A security breach, for businesses of all sizes and industries, can prove costly: Potential fines; damaged reputation; loss of business; recovery efforts – it quickly adds up.
In that respect, Sony isn’t any different than the company whose IT environment you must secure. The task is tall, especially this time of year, when online shopping intensifies. Forrester Research predicts 2014 US online holiday sales to be record-breaking and reach $89 billion.
Your colleagues will use an array of devices to surf the web for gifts while on the corporate network. Cybercriminals bank on unwitting users letting their guard down as they search for big savings.
That is, potentially, a big problem.
As Verizon’s 2014 Data Breach Investigations Report says: “We have more incidents, more sources, and more variation than ever before—and trying to approach tens of thousands of incidents using the same techniques simply won’t cut it.”
Of the 100,000 security incidents Verizon analyzed over the past decade, 92 percent fall into nine attack patterns:
- Point-of-sale intrusions
- Web application attacks
- Insider misuse
- Physical theft/loss
- Miscellaneous errors
- Card skimmers
- Denial-of-service attacks
As this post on the ControlNow blog points out:
“Even the most vigilant IT admin faces a daunting task. That’s why implementing a comprehensive security suite that features real-time threat protection is essential. Use of Wi-Fi-enabled mobile devices in the workplace has exploded as employees send, receive, search and store greater amounts of business-critical data via wireless networks. Cybercriminals are well aware, and they have adjusted their attack strategies accordingly.”
The Ponemon Institute’s 2014 Cost of Cyber Crime study says it takes, on average, nearly six months for a company to detect an attack. It takes an average of 45 days to address an issue. That’s up from 31 days a year ago – two full weeks – which speaks to how quickly cyber-attacks have grown in sophistication.
The average cost to recover is considerable: $1.6 million. And the most costly attacks are the usual suspects. Malicious code (25 percent), denial of service (23 percent), web-based attacks (12 percent), and phishing and social engineering (11 percent) make up nearly three-quarters of the pie.
Armed with this information, this much should be certain: When it comes to cybersecurity, you don’t have to be a Sony insider to feel the company’s pain.
Marc Thaler is Content Development Manager at ControlNow (https://www.controlnow.com), and a former print and online journalist.