BreachExchange mailing list archives

Here's what Sony's CEO learned from the brutal hack attack last year


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 6 Oct 2015 18:31:18 -0600

http://www.businessinsider.com/what-michael-lynton-learned-from-the-sony-hack-2015-10

Sony Entertainment CEO Michael Lynton received the first phone call while
he was driving to work: The company's email system was down.

It was the beginning of what has become known as the "Sony Hack," a series
of cyber attacks in late 2014, attributed by the FBI to North Korea, that shut
down the company's computer systems and leaked troves of employee personal
information.

On stage today at Vanity Fair's New Establishment Summit, alongside John
Carlin, assistant attorney general for national security at the Department
of Justice, Lynton said that one of the biggest lessons for him was the
importance of knowing whom to contact.

"It’s not like you can call the local police department," he said.

Luckily, he said, executive Nicole Seligman had pre-existing relationships
with government officials and was able to escalate the situation within
hours. Without that speed, the situation would have been even worse.

The hack was a catalyzing event for the Department of Justice in that way,
too, Carlin said.

"Sony knew by name and by face someone in government that they’d already
talked to," Carlin says.

Every major company should have that connection with someone, he advised,
whether their local district attorney or regional FBI head. The
responsibility falls on the government, too, he said, to reach out
proactively.

"We need to be out there talking to you before an event," he says.

That's why, earlier today, the Department of Justice announced a new
private sector outreach program, with the mission of making sure that
companies have a better idea of what to do and who to call in an emergency
security situation.

In Sony's case, the FBI descended upon its headquarters within hours.

"About 20 agents showed up," Lynton said. "They worked side-by-side with
our folks."

The other big lesson, Lynton says, has been knowing what information should
actually live on company networks.

"There’s no wall high enough to keep a determined nation state out of your
computer systems," Carlin says. If they want to get in, they'll get in.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
