What Should We All Learn from The Sony Pictures Exploitation?



It’s been splattered all over the news like a paintgun full of red ink. Sony
Pictures Entertainment – exploited beyond reason. Some say this breach
will cost them more than one hundred million dollars ($100M). They had
five movies stolen and plastered all over the P2P file sharing sites. They
had 47,000 records (or more) stolen. Very embarrassing executive emails
leaked. Is this Sony’s fault? Some would blame their CISO, but he
actually left the job in September, 2014. Many say their policies were
insufficient and that makes a lot of sense. But ultimately, even the FBI has
stated that 90% of businesses in the USA would have been easily exploited like Sony. Why is this?


Most organizations don’t have centralized security event information management. Most do not have up
to date information security training for best practices, to be mandatorily taken by all their employees.
Most organizations don’t have proper password management, backup policies, encryption policies and on
top of that, they don’t know how to deal with zero-day malware including the newest remote access
Trojans (RATs). Our executive producer predicts 2015 will be the Year of the RAT and I sadly must
agree with him – when so many organizations don’t know they are already being exploited, they are
already infected, it’s only a matter of time for them to end up on the front page news or on the
PrivacyRights.org database list of recent breaches.


Isn’t it about time we start looking for the more innovative solutions to these problems? Why not manage
risk with next generation solutions – maybe from smaller, more nimble vendors. I look to the many new
kids on the block who show up at RSA Conference 2015 with a new idea for password management or a
better way to bring your own device (BYOD) or real-time encryption and backups that don’t bog you
down. I’m not looking for the big names to help us because their tools are the top visible and easily
exploited. Firewalls don’t cut it anymore. Antivirus is dead. It’s time to take a new and more bold
approach to information security. The basic lessons we can learn from Sony Pictures are that policies
must be best practices, in place, under review and audit constantly, if we are to avoid being infected by
RATs and losing our data. This breach was a wakeup call. Please enjoy this edition of CDM focused on
getting one step ahead of the next threat.



To our faithful readers, Enjoy
Pierluigi Paganini


Pierluigi Paganini, Editor-in-Chief

Cyber Warnings E-Magazine – December 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide