
ICT, enterprise and 2015


15 January 2015

What will be the main trends driving technology in 2015? TechPro looks forward to a year when wearables, security, broadband and mobile cloud are likely to generate most of the tech-related headlines.

At the time of writing, it is still unclear who was behind the Sony Pictures attack. What is abundantly clear is that a doomsday attack on the scale of that affecting Sony is every enterprise-class company’s worst nightmare.

The damage done to Sony is astronomical in scope and while other companies such as Target and Home Depot in the US also suffered significant attacks in 2014, the impact of the Sony incident will be felt well into 2015 and beyond. Exactly how the hack was executed is unconfirmed, but an educated guess would suggest a simple phishing attack was used to get someone connected with Sony Pictures to click on a malicious attachment or visit a web site that triggered a malware download to their computer.

Once they had gained access to an infected system in Sony’s network, the hacker most likely mapped the network, then contrived to steal administrator passwords to gain access to still further systems in order to locate valuable data. A demand for money was made and when the deadline for payment passed, a stream of corporate data started to flow out onto the Web.


The hackers claim to have stolen as much as 100 terabytes of data including usernames, passwords and sensitive information about Sony’s network infrastructure. Probably more damaging is the loss of a large number of documents containing sensitive information about the company, its employees, their salaries, the terms meted out to actors and contracts surrounding its movie projects. In addition, several as yet unreleased Sony-financed movies have shown up on torrent sites as a result of the leak.

The incident has damaged the company’s bottom line and its international reputation, as well as the personal relationships of executives who have had private correspondence exposed to public scrutiny. And most likely, at the bottom of it all is a single point of failure — a guessed password or a foolishly opened attachment. The lessons for companies wishing to avoid the same pitfalls in 2015 are uncomplicated.

“One thing we stress at the start of every year to our customers is that people are the weak link,” said Dermot Williams of Threatscape. “You can get too caught up in the technology solutions that are out there, forgetting that everything falls apart if you don’t have proper training and policies for the people using the computers.”

From this point of view, he argues that the best security advice has not changed in 20 years — prudent and trained staff will defeat a lot of potential threats before they get out of the starting gate. “Clever social engineering on the part of a hacker or malware owner can neutralise a lot of security systems extremely easily. As Kevin Mitnick famously put it, ‘amateurs hack computers, professionals hack people’ and he’s dead right. Why spend a week trying to hack a security system when you can spend five minutes on the phone fooling someone into giving you their password?”
