The cyber attack at Sony Pictures Entertainment has become a wake-up call for corporate America. It exposed employees’ personal information, erased files and prompted the company to scrap a fictional comedy called “The Interview” about the assassination of North Korean leader Kim Jong Un. The FBI on Friday placed blame on North Korea and said the country “inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior.”
Corporate hacks have become commonplace. This year saw an uninterrupted deluge of security breaches at retailers, banks and government offices. Yet the Sony incident shows how severe and devastating a hack can become: It forced a major corporation to publicly abandon an estimated $ 80 million business project, an unprecedented surrender to attackers in corporate cyberwarfare, and could end up costing Sony $ 150 to $ 300 million, according to one estimate.
“It just really is a game-changer,” says former White House cybersecurity coordinator Howard Schmidt, who left the post in 2012 and is now a partner at the consulting firm Ridge-Schmidt Cyber LLC. “You consider a corporation the size of Sony being affected. You can imagine what small, medium-sized businesses and municipalities, what stuff would happen to them.”
Here are five ways the Sony hack will change the way we think of cybersecurity and how companies do business.
1.Hack attacks have the potential to destroy a business — not just tarnish it
Recent hacks have offered evidence that a breach can tarnish a company’s reputation: Target’s TGT, -0.72% profits dropped 46% in the final quarter of last year, after the company revealed a holiday season breach of tens of millions of customers’ payment information.
The Sony SNE, -2.78% fallout shows things could get much worse than lost profits, lawsuits and brand issues. Leaked Social Security numbers for more than 47,000 current and former employees. Internal emails gone public. Wiped hard drives. Computers went dark, and employees reportedly resorted to working with pencils and paper. Sony has been hobbled by the assault, but for a smaller business, this kind of hit could be ruinous.
“You’ve just seen the magnitude by which they can affect your business,” says Phil Dunkelberger, president and chief executive of Nok Nok Labs Inc., a Palo Alto, Calif.-based security company. “This is a movie studio. That really shows one it can happen to anybody.”
Security expert: We saw Sony attack coming
The security hack that happened to Sony could happen to anyone. Co3 Systems’ Bruce Schneier explains.
2. People might attack your business for ideological and political reasons
Sony Pictures canceled the planned release of “The Interview” out of “paramount interest in the safety of employees and theater-goers” after hackers threatened physical attacks to the theaters and patrons.