Skip Links

Key lessons learned from Sony hack-fest

What would you do if you became adversary to ideologically motivated hackers?

By , Network World
May 27, 2011 06:04 AM ET

Network World - The relentless cyberattacks against Sony should have businesses planning now what they will do when they, too, run afoul of ideologically motivated adversaries, experts say.

"This is punishment," says Josh Corman, a security analyst for the 451 Group, about the monthlong string of attacks against Sony websites. "Ideologically motivated adversaries show how tenacious and lengthy an attack can be. They will take it further than anyone would expect and do it longer. This is a bludgeoning."

That is very different from how a typical attackers motivated by profit would work. Once financially motivated attacks are detected, they can be shut down and vulnerabilities can be repaired and the attack will likely be finished, he says.

BACKGROUND: PlayStation Network hack timeline

But when the goal is punishment for perceived wrongs, attackers keep on trying with whatever tools they have available, Corman says -- an entirely different beast that calls for new thinking. "I can almost guarantee that as part of their threat model, most organizations lack a plan for dealing with an ideologically motivated adversary," he says.

Businesses need to ask whether they could fall victim of such punishment attacks, he says. "If the answer is yes, run scenarios and adjust your countermeasures."

Actions such as shutting down websites -- something Sony has resorted to -- might not have been on the list before, but may belong there now, he says.

If businesses use cloud services or Web hosts, they should insist on contract language that guarantees an emergency hotline that can shut down the services immediately. Delays shutting down a Gmail account led to the theft of 70,000 emails from HBGary Federal.

Business should also have a plan for running servers in a way that is less functional but also less attackable, he says. Customers may not be able to do everything they could before, but at least business can proceed.

If a business has angered adversaries to spark such attacks, the technical defensive arsenal should be expanded to include social methods. Find out what set them off and take steps to defuse the motivation, Corman says. The initial Sony attack has been linked to what some say was a heavy-handed Sony legal response to a gamer jailbreaking PlayStation 3 and posting a how-to on the Internet.

The most important lesson to learn from Sony's problem is that it could happen to virtually any business. "I suspect if you had a concerted attack by relatively sophisticated hackers on any institution there would be some success," says Mark Rausch, director of cybersecurity and privacy at business consultancy CSC.

Any global enterprise with a well-known brand name is at risk, says David Barton, a principal in UHY Advisors business consultants who specializes in technology assurance and advisory services. "It could happen to any big company that hasn't kept up with the most recent attacks and most recent threats," he says.

Companies' reputations are at stake. The constant drumbeat that Sony has again been compromised has been wearing away at the credibility of the company's security.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News