Less than two years ago the film studio Sony Pictures Entertainment experienced a cyber-attack, which affected the organization greatly. The hack happened in November 2014. The criminals informed the employees that they are “Guardians of Peace” (GOP), placing their name on the computer screens along with the picture of a skeleton. During this attack, a wide range of confidential information was stolen. It was claimed that all received data would be released if the company refuses to satisfy the request, which was not explained at that time and remained unknown. In the next month, GOP threatened the company and urged it to cancel the release of the film “The Interview”.
GOP said its release would be the same as a terrorist attack. Sony accepted the demand and did not let the film run on the cinema screens but allowed the representatives of the general public to see this comedy about the intention to kill the leader of North Korea in theaters and online. Intelligence officials who worked on this case tried to find out who the members of GOP were and who sponsored their actions. The research showed that North Korea was involved, but the country denied its responsibility (Peterson, 2014).
The media represents this cyber-crime as hacking. Mainly, it happens because GOP broke into the employees’ computers and received access to the personal information. However, it was not only found but also stolen, which proves that the group wanted to exploit the weaknesses of the system. It was also a theft of data with the intention of further release (in case of not meeting the request). Thus, from the very beginning, the purpose of GOP was to steal information.
The target of the discussed cyber-crime was the film studio Sony Pictures Entertainment. GOP hacked its computers with the concrete desire to steal information about the employers, employees, and their families. They even informed the victims of the act of hacking for them to realize that it was more than an assessment of vulnerability. The group was paid to stop the release of the film that was made by Sony Pictures Entertainment, and no other organization could be addressed with the same demand. Thus, there were no doubts about GOP getting to the right target.
The fact that GOP communicated their request to the employees of the company proves that hacking was committed in order to make Sony meet the demand. Except for that, the data were stolen to threaten the organization and make the request to cancel the release of “The Interview” even more critical. Thus, this firm was selected as a target, and its abolition was the only thing that could satisfy the demand. In particular, Sony made a film and was going to release it while GOP wanted to stop the process and hacked the company.
Sony’s system was not efficient enough, which allowed the attack to be successful. Alvarez (2014) paid attention to the “security vulnerabilities in the service, particularly after Sony failed to act on multiple warnings from the culprits” (par. 3). Such opinion was supported by numerous professionals, including Sanchez (2015). It was stated that Sony had not paid enough attention to Internet security and left significant data hardly protected. Its firewalls and system of intrusion detection failed to work efficiently and effectively (Martin-Vegue, 2015).
The attackers did not try to hide. They left their name – GOP – on the screens of Sony’s computers. Still, the only information initially available was that they were a group of hackers. However, it was found that they worked under the sponsorship of some individuals or organizations, but intelligence officials did not know who or what it was. The investigation showed the connection with the North Korean government, and the content of the film makes such opinion look well-grounded and decent (Peterson, 2014).
However, with the course of time, other versions were also developed. For example, Paganini (2015) reported that at the beginning of 2015 Russian hackers claimed that the attack was made by them. As North Korea does not admit their responsibility, and no authoritative evidence regarding Russia exists, the issue remains unsolved.
The fact that Sony experienced the cyber-attack and its confidential information were disclosed affected the organization adversely. First of all, it had to meet GOP’s demand and alter the designed plan of action regarding the film. It dealt with the negative impact on workers’ and clients’ perceptions of the company. It had to restore the brand and re-attract customers. The organization had to implement changes in the security system. It was supposed to assess the situation and cope with vulnerabilities.
Sony had to be able to prove its efficiency and security after the attack always because workers, clients, and suppliers would not be likely to cooperate with the organization that could not ensure the safety of the important information. The company needed to find a practice in which it exceeded the competitors to prove that it was still not only good enough to remain in the market but also was one of the leaders in the industry.
Sanchez (2015) believes that the attack could have been prevented if Sony implemented Critical Controls that provide an opportunity to reduce such risks. The organization should have conducted Gap Assessment to see its vulnerabilities and then select and implement specific controls. The attention should have been paid to data protection and encryption, wiper malware, use of administrative privileges and audit logs, and implementation of secure network engineering.
References
Alvarez, E. (2014). Sony Pictures hack the whole story. Web.
Martin-Vegue, T. (2015). The Sony Pictures Entertainment hack: Lessons for business leaders. Web.
Paganini, P. (2015). Sony Pictures hacked by Russian blackhats, it now emerges. Web.
Peterson, A. (2014). The Sony Pictures hack explained. Web.
Sanchez, G. (2015). Case study: Critical controls that Sony should have implemented. Web.