The complete story behind Sony’s data theft
• On 24th November 2014, employees and officials at Sony Pictures were greeted by a horrifying message saying “Hacked by #GOP”, threatening that the hacked data would be released publicly.
• The “Guardians of Peace” were true to their word, and within hours, terabytes of highly confidential data – salary information, passport details, and most importantly unreleased films and television programs – were uploaded onto torrent sites.
• Not only did Sony lose highly sensitive data, malware was also spotted amidst all the data that was left seemingly “untouched”.
• Sony had to issue unconditional apologies to the makers of all the leaked unreleased films, on top of the backlash they faced from the media regarding their fear of releasing the controversial film “The Interview”, starring James Franco.
• Today, 4 months later, Sony Pictures’ data theft was compounded when WikiLeaks, the website run by Julian Assange, released more than 30,000 confidential documents belonging to Sony Pictures.
The Lessons Learnt
This data theft proved that hackers may be present anywhere – inside or outside – and the repercussions could be catastrophic! With a data breach fiasco like this at a multinational corporation like Sony, and the recent disclosures of government surveillance, the security of personal and valuable data is always at stake.
The following are the takeaways from Sony’s data theft:
• Proactive security measures and controls need to be installed, configured and managed irrespective of the size of the company
• All activities need to be monitored so that any spikes or abnormalities in the system are caught in time
• Efficient user identification and effective access management should be enforced
• Strong passwords should be used by everyone in the organization, and they should be changed regularly
• Penetration testing, along with strengthening of networks using the principles of ethical hacking, should be carried out regularly
• Enhanced controls such as two-factor authentication should be implemented on important data and services
• Critical data should be encrypted to protect it from unauthorized use even if it is stolen
• The configuration management and patching regime should be properly documented
Koenig Solutions – one of the leading offshore IT Training Companies in the world – is the authorized training partner of over 30 technology conglomerates, including Microsoft, Cisco, CAST, EC-Council, PMI (Project Management), Cloudera (Big Data and Hadoop) and many more. Having trained over 50,000 IT Professionals from over 50 Countries, including the likes of Mr. Edward Snowden, Koenig provides all there is to know about Penetration Testing and Cyber Security as a career option.