The 2014 Sony Pictures hack was a significant cybersecurity incident that captured global attention and had far-reaching implications. In late November 2014, Sony Pictures Entertainment was targeted by a cyberattack that resulted in the theft and public release of confidential data, including internal emails, executive salaries, unreleased films, and other sensitive information.
A North Korea-aligned hacking group known as "Guardians of Peace" (GOP) claimed responsibility for the attack. They initially rendered thousands of Sony's computers inoperable and then proceeded to leak the stolen data in batches online. The incident not only caused financial damage but also posed serious reputational risks for Sony.
Reports at the time claimed the Sony hack served as a wake-up call for many organizations about the severity and sophistication of cyber threats. It highlighted the need for stronger cybersecurity measures, including employee training, better threat detection capabilities, and more robust incident response plans.
Yet here we are today, September 26, 2023, and Sony Corporation is dealing with another likely cyber incident, this time from a “new” ransomware group called Ransomed.vc. They claim to be a new group but are likely an amalgamation of members of recently “dissolved” ransomware groups using common tools and practices. Sony has yet to confirm that this “incident” has occurred, much like MGM initially denied their recent incident. As time progresses, we will likely learn more about the severity of this incident.
What this highlights, though, is the little-discussed frequency of entities not learning from the past. You would like to think that in the 9 years since the 2014 incident, Sony would have worked to harden their systems, improve their cybersecurity posture and leadership, and not be in the headlines for this reason. BUT Sony is not an outlier there. Many companies that have been hacked in the past are re-victimized because they fail to learn from their mistakes. Cyber incidents (data breaches, ransomware, phishing, etc.) are damaging, but too many victims seem to think that once they have dealt with their problem, the bad guys have moved on. Sadly, too many don’t make the necessary changes to prevent the bad guys from knocking on the door again.
Hopefully, this Sony incident will raise some awareness.
If you are a cyber victim, what do you need to do to not be re-victimized? Here are some thoughts/suggestions:
1. Conduct a Thorough Forensic Analysis
The first step after realizing a hack has occurred is to conduct a detailed forensic analysis to understand the nature and scope of the breach. Knowing how the attacker gained access, what they targeted, and any changes they made will inform the company's future security measures. Companies may choose to work with external experts to carry out this analysis, which will identify vulnerabilities and recommend remediations.
2. Strengthen Password Policies and Access Controls
Weak passwords and poor access controls are the most common vulnerabilities. Reevaluate and enforce strong password policies (e.g., minimum length, complexity requirements, etc.) and ensure that multi-factor authentication (MFA) is implemented where possible. Limit administrative privileges to only those who genuinely need them, and practice the principle of least privilege.
3. Update and Patch Systems
Often, attackers exploit outdated systems and software to gain unauthorized access. Make sure all systems are up-to-date with the latest security patches. Implement an automated patch management system if possible, and maintain a regular patching schedule. This should include not just operating systems but also third-party applications, web servers, and databases.
4. Train and Educate Staff
Humans are often the weakest link in the cybersecurity chain. Regular training and awareness programs can help educate staff about the latest cyber threats like phishing and social engineering attacks. Encourage employees to report suspicious activities and offer training to help them recognize potential threats.
5. Improve Your Cyber Leadership
Improving a company's cyber leadership is crucial for maintaining a strong cybersecurity posture. Effective cyber leadership ensures that the organization places adequate emphasis on cybersecurity from the top down, aligning it with the broader business strategy. If you can’t afford full-time cyber leadership (CIO, CISO, what have you), find an entity that can provide short-term or part-time leadership assistance (and YES, that is something I can provide. Please excuse the shameless plug).
Cyber threat actors will always look for the easiest targets they can find. Targeting previous victims is a common practice, and an effective one, because too many companies don’t learn from their mistakes.
Let’s start to change that!