As news slowly leaks about the Sony Pictures breach, yet another highly targeted attack, senior management has to be grappling with this question (again) today. Sony, which has dealt with repeated attacks across multiple business units over the past few years, has to be asking “What else can we or should we do?”
What is known about this latest attack is that Sony Pictures shut down its IT infrastructure after discovering a breached server and receiving demands from a group calling itself GOP. The group claims to have exfiltrated data and posted it on external servers, holding it for ransom and threatening to release it to malicious groups or the public. The entire Sony Pictures network has now been down for almost 2 days.
The first order of business for Sony’s CISO -- wait, have they replaced Phil Reitinger yet? Phil left Sony earlier this year to found VisionSpear, a private security consultancy. I’m not sure if they’ve named a replacement, so let’s say the first order of business for the Sony security team is to get that network back up and running. In order to do that they have to (1) understand how this breach happened and (2) clean it up in a manner that prevents similar attacks in the future.
I’m not intimate with Sony’s security systems or architecture, but I can offer that they will be in a much better position to tackle the above list if Sony Pictures has an endpoint security solution in place. With a data-aware endpoint agent, Sony would have the ability to capture data being manipulated at a low level, detect a process searching across the endpoint or corporate network, and gather intelligence on the data that would be exfiltrated. This kind of visibility would enable them to make an informed decision on the exact nature of the attack and the resulting data loss (if indeed any was stolen at all; there is not yet evidence that the data has been stolen).
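To make the kind of visibility described above concrete, here is a small added example (written for this page, not code from Sony, Digital Guardian or any endpoint vendor) of detection logic run over constructed endpoint telemetry. It assumes an agent that records per-process file reads and outbound sends as rows of (host, pid, image, event, target, byte_count); the event format, the internal address ranges, the thresholds and the sample rows are all assumptions made for the example. It flags a process that sweeps files across many shares and then sends a comparable volume of bytes to an address outside the assumed corporate ranges, while ignoring a backup agent that reads just as much but only talks to an internal host.

```python
"""Toy detector over constructed endpoint telemetry (added example).

Looks for one process that enumerates files across many shares and then
ships a comparable number of bytes to an external address.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed corporate address space (constructed for this example).
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed telemetry rows: (host, pid, image, event, target, byte_count).
# None of this is real Sony data; 203.0.113.0/24 is a documentation range.
SAMPLE_EVENTS = [
    # A user editing one document on one share: benign.
    ("ws-03", 1211, "winword.exe", "file_read", r"\\fs01\finance\budget.xlsx", 240_000),
    ("ws-03", 1211, "winword.exe", "file_write", r"\\fs01\finance\budget.xlsx", 240_000),
    # Backup agent: reads many shares but sends only to an internal server.
    ("ws-03", 2002, "backup.exe", "file_read", r"\\fs01\finance\budget.xlsx", 240_000),
    ("ws-03", 2002, "backup.exe", "file_read", r"\\fs02\hr\reviews.docx", 90_000),
    ("ws-03", 2002, "backup.exe", "file_read", r"\\fs03\legal\contract.pdf", 500_000),
    ("ws-03", 2002, "backup.exe", "file_read", r"\\fs04\media\script.pdf", 700_000),
    ("ws-03", 2002, "backup.exe", "net_send", "10.20.0.5:445", 1_530_000),
    # Suspicious: sweeps five shares, then sends nearly all of it externally.
    ("ws-03", 3137, "updater.exe", "file_read", r"\\fs01\finance\budget.xlsx", 240_000),
    ("ws-03", 3137, "updater.exe", "file_read", r"\\fs02\hr\reviews.docx", 90_000),
    ("ws-03", 3137, "updater.exe", "file_read", r"\\fs03\legal\contract.pdf", 500_000),
    ("ws-03", 3137, "updater.exe", "file_read", r"\\fs04\media\script.pdf", 700_000),
    ("ws-03", 3137, "updater.exe", "file_read", r"\\fs05\exec\board.pptx", 300_000),
    ("ws-03", 3137, "updater.exe", "net_send", "203.0.113.7:443", 1_800_000),
]


@dataclass
class Finding:
    host: str
    pid: int
    image: str
    distinct_shares: int
    bytes_read: int
    bytes_out: int


def share_root(path):
    # \\fs01\finance\budget.xlsx -> \\fs01\finance ; C:\Users\alice\x.txt -> C:\Users
    if path.startswith("\\\\"):
        parts = path[2:].split("\\")
        return "\\\\" + "\\".join(parts[:2])
    return "\\".join(path.split("\\")[:2])


def is_external(dest):
    # dest is "ip:port"; external means outside the assumed internal ranges.
    addr = ip_address(dest.rsplit(":", 1)[0])
    return not any(addr in net for net in INTERNAL_NETS)


def analyze(events, min_shares=4, min_ratio=0.5):
    """Return a Finding per process that swept >= min_shares distinct shares
    and sent at least min_ratio of the bytes it read to an external address."""
    shares = defaultdict(set)
    bytes_read = defaultdict(int)
    bytes_out = defaultdict(int)
    for host, pid, image, event, target, count in events:
        key = (host, pid, image)
        if event == "file_read":
            shares[key].add(share_root(target))
            bytes_read[key] += count
        elif event == "net_send" and is_external(target):
            bytes_out[key] += count
    findings = []
    for key, roots in shares.items():
        read, out = bytes_read[key], bytes_out[key]
        if len(roots) >= min_shares and read and out / read >= min_ratio:
            findings.append(Finding(*key, len(roots), read, out))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"{f.image} (pid {f.pid} on {f.host}): {f.distinct_shares} shares swept, "
              f"{f.bytes_read} bytes read, {f.bytes_out} bytes sent externally")
```

The point of joining the two signals is the false-positive control: breadth of enumeration alone flags backup and indexing agents, and outbound volume alone flags every large upload, but a single process doing both, with the outbound volume tracking what it just read, is the shape of the exfiltration that an investigation like Sony’s needs to reconstruct after the fact.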
Without an endpoint agent-based solution in place, the Sony team may want to call Phil Reitinger’s new security firm, as they are going to need a lot of manpower to manually unravel what just happened to them… again.
Like other security professionals, we’re waiting to learn more and will keep you posted on developments.