StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Cyber-Attack of Sony - Case Study Example

Cite this document
Summary
The paper 'Cyber-Attack of Sony" is a good example of an information technology case study. November 2014 will remain in the books of Chronicles of data theft. A group identifying themselves as guardians of peace made their way through the Sony pictures leaving the company network crippled for days (Anon., 2015)…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER91.8% of users find it useful

Extract of sample "Cyber-Attack of Sony"

TOPIC: THE HACKING OF SONY Author’s Name [ ] University’s Name [ ] November 2014 will remain in the books of Chronicles of data theft. A group identifying themselves as guardians of peace made their way through the Sony pictures leaving the company network crippled for days (Anon., 2015). The notorious group released personal information about the company pictures, employees and their families, emails between employees, information about executive, salaries unreleased films that had recently posted on the internet and other information. In December the same year the guardians of peace (GOP), demanded that Sony pulls its film ‘The Interview’ Which was a comedy about the plot to assassinate North Korean president Kin Jong –un also, threatened terrorist attack if the release of the video went on as planned. However, US cinema chain hindered to the threats of North Korea. Consequently, Sony opted to cancel the film premiere and mainstream release. After unfathomable evaluation of the software, techniques and network sources of the US intelligence officials alleged that North Korea sponsored the attack. However, North Korea denied any responsibility for the same.The duration on which the hack took place is yet mysterious though sources indicate that the intrusion had occurred for more than a year before. The hackers are claimed to have taken over 100bytes of data from Sony (Considered, 2015). At the same time, the hackers fixed a wiper on Sony's computer network, which was purposed to erase data from the servers. On the eve of 24th November 2014, Sony was made aware of the hack, as the malware previously installed had made Sony employees computers to be almost obsolete. Also, warnings by the GOP, along with a percentage of confidential data taken during the hack. Numerous Sony- connected Twitter handles had been taken over also a handful of Sony Pictures .The executive had received messages from a group called God'sApstls which demanded monetary compensation or bombard Sony pictures (Smith, 2015). However, most of the executive members ignored the message and treated it as spam. To gain attention and awareness from the social media, the GOP began leaking yet- unreleased films and portion of confidential data from Sony, although they never quantified what they wanted in return. On December 8, 2014, the GOP threatened Sony with a language relating to September 11 attacks thereby drawing the attention of US and security agencies (Obama, 2014). US suspected that North Korean state-sponsored hackers did so due to the decision of Sony that it was to show the film ‘The Interview' a comedy on the assassination of North Korea leader. It's worth noting that North Korea officials had expressed concerns of the same regarding the comedy as sponsoring terrorism as well as the act of war Information Acquired The Hackers stole employees' information as a result of a brazen cyber-attack. The attack revealed personal identifiable information about employees and their dependents including names address, social security numbers and financial information (B.V., 2015). In the emails, the computer criminals revealed that Company CEO Mr. Kazuo Hirai confronted co-chairwoman Sony pictures to soften assassination scenes by becoming the target t rather than Kim joungun. Also, important emails like the two Sony executives Pascal and Rudin exchanging emails about Pascal incoming event with US President Barrack Obama was revealed. The two had suggested mentioning films about slavery in America upon meeting the president e.g. 12 years a slave. Several future movies to be released by Sony were leaked to the internet. Sony Response to the Hack The response of Sony to the hacking that was affiliated to North Korea was poor. To a company of their caliber, there should be enough measures put in place to deal with hacking at the same time to prevent hacking. Sony is the biggest producer of electronics all over the world, thereby, the assets and information of the company are supposed to be very safe (Network Security, 2015). Immediately after Sony Learnt that their soft wares had been hacked, the company quickly prepared internal teams data experts and cyber-crimes experts to try quickly to manage the loss of the data to the internet, as the hackers were releasing their data into social media site so as to gain attention. Additionally, the company contracted the FBI and alerted them about the hack because the FBI has cyber –specialist to deal with such situations. To make sure they were preventing their data in the best way possible the company also contacted a private corporation, the FireEye, to help secure their employees whose personal data and their families had been exposed by the hack. The company also to tried to check the source of the leak. In response to the hacking in 2014, the following year Sony set aside $15 million dollars to repair all ongoing damages caused by the hack. Again, Sony has evolved and has enormously bolstered the cyber –security top prevent similar hack or future loss of data. Again, after those skirmishes, Sony co-chairwoman, Amy Pascal, announced that she will step down in 2015 in the wake of the hack. However, the chairperson is to be involved in movie production under the same company. Recommendations A company of the Sony caliber should have done better to curb this high profile attack that took place some years ago. The attack happened due to total negligence and gross incompetent. To start with back in 2011, the same company was a victim in the hacking of a play station and play station network accounts stolen. Such events happening should be a big lesson to the company. However, due to negligence, the most sophisticated attack in data theft occurred. To try and curb and deter such event from occurring the company should screen both the potential candidates and employees thoroughly, specifically those in IT and finance departments (Shema, 2012.). As these people have elevated privilege to system access. Nevertheless, if a criminal can get to an employee who has administrative access, the only way to fight it is the proper isolation of duties within the IT incredibly tight automated control with real-time monitoring and reporting capabilities (Shema, 2012.). Again, to secure data even in the presence of network penetration and root level access to servers and attackers need to employ anti-tamper technologies to harden all applications that access sensitive data in a company. These, arguably, are client applications or server applications. All data must be encrypted with actually hidden keys and any access to the data that the applications controls must be the subject to rigorous logical authentication of both device and the user. With effective anti-tamper technology put in place, this rigorous authentication mechanism cannot be bypassed and this access to the sensitive data prevented, even if both the application and the data are lifted by authorized users only (B.V., 2015). Unsuitable IT segregation is a big mistake; companies should always avoid super admin accounts. Whether they had someone on the inside or just used hackers from outside, they only needed one right password, and they were able to manipulate everything as well as playing with everything. Many companies fall short of information security by having super admin password combine by inadequate monitoring; this is an enough catalyst of a hacker (Shema, 2012.). Additionally, super admin password should not have access to important company data crucial company files should be encrypted to an executive user account. Data in a database must be secured against super admin access. Isolated machines must be segregated so that they can't be accessed over VPN. Consequently, those devices should be used to secure the most critical files of the company like the human resource, marketing plans products plan and the financials. Besides, the type of password administered in an account also matters a lot. Simple and easy to guess passwords should be done away forthwith for example Sony1234.This does not need a brute force or computer forensics to attempt; those would be easy things to type in a test. Again, if the terabytes of information were stolen from Sony, that means there is no monitoring on the software systems. To curb hacking, there should be applications that should sense any illegal entry or trial and error of passwords. This is made possible by an application known asSIEM (security information and event management.) At the same time, Sony should not only check the about the encryptions' and passwords but also the company should be very keen on employees satisfaction. The image employees portray the real image of the company. Therefore, Sony should maintain good rapport with their employees as it is evident in the online platform that Sony Studios are the most Loathsome places to work. This image must change if the company wants to be away from the dubious act like hacking (Coleman, 2012.). Lastly, the company should adopt the DLP (data loss prevention) system. This is a methodology used by companies to prevent massive data theft. The data loss prevention systems prevent data loss at the endpoint. All the staffed security operation center, not a couple of guys with pagers, but trained people are necessary so as to understand events coming in multiple locations on the network and then follow keenly with resilience 24/7. Conclusions In this essay, it is evident that North Korea was centrally involved in the hacking of Sony. In 2014, that led to data theft as was as manipulation of systems. On the other hand, Sony has failed to provide enough security in the systems they are operating. The system was venerable and could be intruded by outsiders. At the same time, the response by the company at the time when the hacking took place was good, but the company of their caliber should have done better than that. However, the measures they took afterward were commendable. Additionally, the Co- Chairwoman resigning was a broad step as the company will be able to find a person who will safeguard the assets of the company References Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Cyber-Attack of Sony Case Study Example | Topics and Well Written Essays - 1750 words, n.d.)
Cyber-Attack of Sony Case Study Example | Topics and Well Written Essays - 1750 words. https://studentshare.org/information-technology/2085404-analysis-a-company
(Cyber-Attack of Sony Case Study Example | Topics and Well Written Essays - 1750 Words)
Cyber-Attack of Sony Case Study Example | Topics and Well Written Essays - 1750 Words. https://studentshare.org/information-technology/2085404-analysis-a-company.
“Cyber-Attack of Sony Case Study Example | Topics and Well Written Essays - 1750 Words”. https://studentshare.org/information-technology/2085404-analysis-a-company.
  • Cited: 0 times

CHECK THESE SAMPLES OF Cyber-Attack of Sony

Cyber Security

The purpose of this research is to investigate the following: top cyber security vulnerabilities; operating system vulnerability; impact of operating system vulnerability on organizations and counter measures to mitigate the impacts of vulnerability of operating systems.... ... ... ... It is evident from the study that talking about cyber security, vulnerability is a security weakness; anything that can be harmed easily or destroyed effortlessly is said to be 'vulnerable'....
10 Pages (2500 words) Coursework

Cyber crime and security affair in e-business

The study will define Cybercrime and its meanings along with defining E-Commerce.... Effect of cyber crime on E commerce will be discussed in detail.... It will be established whether Cybercrime and cyber criminals are a threat to E Commerce especially online shopping.... ... ... ... This research will try to answer the following questions: Whether cybercrime is a threat to E Commerce and online shopping?...
24 Pages (6000 words) Article

Types of Network Attacks

This research paper aims to identify the types of network attacks and discuss them with the help of research so that it becomes clear which types are prevalent and what precautionary measures need to be taken by the government and public as a defense mechanism.... .... ... ... There exists no sound or authorized way to accurately monitor or track the network based attacks which are so high profile that to keep a definite record of them is not possible (Anderson, 2008, p....
4 Pages (1000 words) Research Paper

Sony Attacked y Cyber Criminals

The divisions of sony include Sony Corporation that deals with electronics in USA, Sony music entertainment, Sony picture entertainment, Sony computer entertainment, Sony mobile communication and Sony financial that offers financial services.... Once such attack is the one that was experienced by Sony Corporation, a division of sony that deals with electronics in the United States of America with headquarters in San Francisco.... Anonymous collective, which is the group, that is suspected to have been behind the hacking of the website of sony, is a group that is largely decentralized in its command structure without any rules that govern it rather it is governed by ideas....
6 Pages (1500 words) Term Paper

"Sony Pictures hacked by Russian blackhats, it now emerges

The eventual events leading to sony Pictures attack is a controversial issue that raises a few questions with relation to the security of the data and information available in each firm.... A company require prevention to defend against attacks on low focus and make the aimed sony pictures attack The eventual events leading to sony Pictures attack is a controversial issue that raises a few questions with relation to the security of the data and information available in each firm....
1 Pages (250 words) Article

A Forensic Investigative Response Approach for Suspected Security Breach

The paper "A Forensic Investigative Response Approach for Suspected Security Breach" summarizes that the security advisor should monitor all business systems for any security lapses, document the entire episode of hacking and list the security incidents, educate employees about security awareness....
6 Pages (1500 words) Case Study

Amanda Todd - Cyber Attack and Bullying

This paper "Amanda Todd - Cyber Attack and Bullying" focuses on the fact that the Internet is one of the mediums that are known by young generations to spread information in a fast way.... The information can be true or untrue and still can be an avenue through which people use to threaten others....
8 Pages (2000 words) Essay

Cyber Terrorism

This term paper "Cyber Terrorism" seeks to explain and describe in detail the real cyber-terrorism by highlighting the major incidence of these attacks in America's history as well as the measures taken to mitigate such attacks to avert the devastating financial losses that accompany such attacks....
6 Pages (1500 words) Term Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us