It was the hack that made cyber security an international story. Sony Pictures Entertainment was attacked just before Thanksgiving in 2014. Its systems were breached, data was stolen, and a treasure trove of damaging and embarrassing company emails was released to the public over the next few months. Sure, the general public got a big laugh out of reading about the Hollywood backstabbing that went on, but the real consequences were much more severe.
Executives at Sony were fired. Reputations were forever damaged. Revenue was lost. And a U.S. company was attacked. Now researchers have concluded that the group responsible for this attack has been active since 2009, breaching systems in South Korea, several countries in Asia, and the United States. The researchers determined this by analyzing the malware used in the different attacks, uncovering clues that connected 40 versions of the malware to the one group.
In response to the hack, enterprises reviewed their processes and brought in the latest threat detection and cyber security solutions to prevent a breach from happening. But as all the statistics have shown, a breach is impossible to stop. What these companies need to understand is exactly which of the threats and vulnerabilities their systems have detected need to be addressed: the ones that can enable hackers to gain access to valuable business data and systems.
Here’s a different way to think about it – you’re about to launch a boat but you notice five holes. Four of the holes are on the deck and one is on the bottom of the boat. You know the only hole you need to fix before sailing is on the bottom of the boat because it poses a real threat. If you don’t fix it, the boat will flood and sink. With all of the threat detection alerts that CISOs receive, they need to know which ones really need to be fixed.
So what could Sony have done to prevent this from becoming a major breach? Malware typically sends and receives messages from a remote command and control server, and that traffic could have been caught with an anomaly detection solution. Pathlock’s Cyber Governance solution then correlates the compromised IP (malware alert, botnet alert) with its accessibility to the company’s critical systems. And as data was being sent to an external IP, Pathlock’s Cyber Governance would report on the sensitive data requests from external or non-typical IPs. This is a game changer for CISOs because they now have a solution that exposes the real cyber threats.
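The prioritisation described above can be sketched as follows. This is an added example, not Pathlock's code or part of the original post; the alert records, the reachability map, the typical-client lists and every IP address are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data (assumptions, not from the Sony incident or any product).
# Hypothetical reachability map: alerting host -> critical systems it can reach.
REACHABLE = {
    "10.0.1.15": {"hr-db", "mail-store"},
    "10.0.2.40": set(),
    "10.0.3.7": {"mail-store"},
}
ALERTS = [
    {"id": "A1", "type": "malware", "host": "10.0.2.40"},
    {"id": "A2", "type": "botnet", "host": "10.0.1.15"},
    {"id": "A3", "type": "malware", "host": "10.0.3.7"},
    {"id": "A4", "type": "port-scan", "host": "10.0.9.9"},
]
INTERNAL = [ip_network("10.0.0.0/8")]
# Hypothetical baseline of which clients normally query each critical system.
TYPICAL = {"hr-db": {"10.0.1.15"}, "mail-store": {"10.0.1.15", "10.0.3.7"}}
REQUESTS = [
    {"system": "hr-db", "src": "10.0.1.15", "bytes": 4_000},
    {"system": "hr-db", "src": "203.0.113.50", "bytes": 9_000_000},
    {"system": "mail-store", "src": "10.0.4.22", "bytes": 120_000},
]

def prioritise(alerts, reachable):
    """Rank alerts by how many critical systems the alerting host can reach."""
    scored = []
    for a in alerts:
        targets = sorted(reachable.get(a["host"], set()))
        scored.append({**a, "reaches": targets, "score": len(targets)})
    # Highest exposure first; ties broken by alert id for stable output.
    return sorted(scored, key=lambda a: (-a["score"], a["id"]))

def unusual_requests(requests, typical, internal):
    """Flag sensitive-data requests from external or non-typical source IPs."""
    flagged = []
    for r in requests:
        src = ip_address(r["src"])
        if not any(src in net for net in internal):
            flagged.append({**r, "reason": "external"})
        elif r["src"] not in typical.get(r["system"], set()):
            flagged.append({**r, "reason": "non-typical"})
    return flagged

if __name__ == "__main__":
    for a in prioritise(ALERTS, REACHABLE):
        print(a["id"], a["type"], a["host"], "reaches", a["reaches"])
    for r in unusual_requests(REQUESTS, TYPICAL, INTERNAL):
        print(r["system"], r["src"], r["bytes"], r["reason"])
```

Alerts on hosts with no path to a critical system sort to the bottom, which is the "hole on the deck" case from the boat analogy.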
To find out more about how Pathlock’s Cyber Governance automates the linkage between your cyber policies and standards and the underlying controls, highlighting areas of exposure, contact Pathlock today.