The Sony Pictures Entertainment Hack of 2014 Essay

The Sony Pictures Entertainment Hack of 2014
Sony Pictures Entertainment is an entertainment company based out of Culver City, CA and is a subsidiary of the Japanese multinational company, Sony Entertainment Inc. (Sony Pictures, n.d.). On November 24, 2014, a massive cyberattack left the company paralyzed and over 100 Terabytes of personally identifiable information (PII), pre-release movies, and company information was stolen and leaked to the Internet (Sanchez, 2015). The hackers responsible for the attack referred to themselves as the GOP, or Guardians of Peace (RBS, 2014)
Politically Motivated
Leading up to the cyberattack of Sony Pictures, it was announced in 2013 that the company would be creating a movie about the interview and assassination of North Korean Leader, Kim Jong Un. This upset the dictatorship and on June 26, 2014, one of North Korea's official foreign ministry spokesperson broadcasted on their state media that, if the movie were to be released, then it would be an "act of war" (BBC News, 2014) On January 2, 2015, after the Sony cyberattack, President Obama signed a new executive order directing the Treasury Department to impose financial measures against North Korean officials and three of their government agencies" (Morello, & Miller, 2015)
Information Security
Sony Pictures information security posture could be labeled as myopic and extremely careless with their data. In the leaked information online, social security numbers, usernames, passwords, and emails were released detailing customers and employees PII. This could have been prevented, had the company implemented security controls for encrypting sensitive information (Sanchez, 2015, pp. 9-10). If Sony Pictures had staff monitoring the network traffic, they would have been capable of recognizing and stopping the transfer of the 100TB of information lost (Sanchez, 2015, pp.10). The GOP group utilized Wiper malware, which is malicious software that erases data from the intended victim's storage devices. This malware could have been stopped in the beginning of the attack by implementing anti-malware and enforcing updates, preventing the spread of the malware (Sanchez, 2015, pp. 12). Applying stronger authentication measures would have prevented the GOP group from escalating their privileges for administrative control. Two-factor authentication could have provided another security level that the GOP group would have to hack through, if possible (Sanchez, 2015, pp. 1415). Had Sony Pictures invested in their information security and staff, they could have had personnel regularly try to locate and remedy vulnerabilities in the system, internally and externally, through the wireless network and the Internet. Creating an action list and mitigating the highest risks could have prevented Sony Pictures from falling victim to the massive cyberattack (Sanchez, 2015, pp.17).
Conclusion
It would appear that Sony hasn't learned their lesson when it comes to being hacked and losing massive amounts of information. On April 26, 2011, Sony suffered a "massive breach" with their online gaming network, which resulted in hackers gaining access to over 77 million user accounts, along with PII (Baker & Finkle, 2011). On May 4, 2011, a Purdue University professor revealed that Sony had failed to use firew