Many are fixated on who was behind the Sony hack, but the simple truth is that we don’t yet know who is responsible for the attack. Furthermore, we may never know for sure. Variety’s take is interesting to the extent that it uses a political rationale to keep the idea that North Korea is behind the attack on the table. What the evidence points to right now is that even if North Korea was involved, they didn’t do it on their own. They would most likely have hired it out, and it seems there was help originating from the inside. The big question, therefore, is whether that insider was the disgruntled employee Norse Security is pointing to, or someone who gained insider access through yet another hack, as the Lizard Squad has claimed. Of course, there could be a whole other storyline in which North Korea is out completely, one in which it was all due to an insider who simply used political motives as a smoke screen. Many people point to the posts on sites like Pastebin as evidence for the political angle. However, those are completely anonymous and easily faked by someone like a knowledgeable techie who might have worked as an insider at Sony. Right now, people are acting like we have evidence in the Sony hack when all we really have are clues.
In the long run, this Sony story will serve as an example of how hard it is to communicate about even the simplest information that has to do with security matters. People not only have a hard time understanding information security; they are motivated to ignore it so they don’t have to change their behavior. That applies to individuals as well as organizations. As people in info security, including myself, point out all the obvious problems Sony had, security leaders in other organizations are looking on in horror because the picture being painted of Sony looks all too familiar. The state of Sony’s security is like looking in a mirror for many other organizations. They know their insiders could own them just as easily if they wanted to. They know that people use their systems to say potentially embarrassing things about clients, partners, famous folks, and more. They know that they are a few clicks away from being Sony, but even with that threat they still feel like they can’t communicate the need for urgent change to executives. The old balance between convenience and security still leans toward convenience even in the face of Sony’s public meltdown.
By Jonathan Sander, Strategy & Research Officer, STEALTHbits Technologies
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.