Don’t Get Sony’d!

“…These cans – they’re defective…[mechanic]: look, you better run for cover or else you’ll spring a leak! We don’t have defective cans.  We have a defective person out there! [points to the sniper]…He hates these CANS! Stay away from the CANS!!…”

Can you name that movie? …and boy am I really dating myself here!

If you said, The Jerk (genius movie starring Steve Martin), you are correct!!

As we’re coming up to the end of the year, I was thinking about the most memorable technology story of the year.  That HAS to be the ever-present security/hacking story…and more specifically, the Sony Hacking story is by far the most spectacular this year!  When I heard the “Guardians of Peace” (pretty lame name for a group of hackers if you ask me) had a major beef with the Seth Rogen and James Franco movie, The Interview, I started thinking of this quote from The Jerk and jokingly thought, “…they hate this movie…stay away from this movie…”.  Unfortunately, that’s apparently what they want.

Ok, who’s with me on this?  I may not like James Franco either, but I’m not going to hack Sony just because of a bad movie?! …and seriously, isn’t talking about The Interview basically like Steve Martin focusing on “the can” in the scene from The Jerk?  Aren’t the hackers (like the sniper) obviously after something else entirely? Sure, but hopefully everyone understands that goes without saying.

In any case, whether it’s Sony, Target, Home Depot or Jimmy John’s, data security is clearly THE story of 2014.  Even back in June when I wrote about security in the context of Edward Snowden, it was THE story of 2014.  So it goes.  Ok, so no one has the silver bullet for security.  However, I’ll reiterate the simple recommendations from June: encrypt data in transit, encrypt data at rest and make sure you have a patch management program of some kind to regularly apply security patches.

Updating things just slightly from June and in context of the Sony hack, I’d reinforce the idea of encrypting data at rest.  Even if someone compromises your perimeter and gets in, the hacker certainly doesn’t need an “all you can eat buffet” of data.  Also, your networking folks should be looking at how “flat” the network is.  That is, if someone compromises your perimeter, can that person “own” the whole network or critical pieces?  Now I’ve worked in companies that have segregated the network.  So I’m not saying that all networks are at risk.  However, early 2015 is a good time to take your networking folks out to lunch and have them explain how they’ve set things up…and ask them to take a step back and think like a hacker.

Of course, doing all these things doesn’t mean that any organization is immune to a breach.  Far from it.  However, it’s proven that “…attackers find one weapon, then quickly re-use it, target after target, looking for anyone who has left that specific defensive gap…” So if you shut down the obvious or easy exploits, many hackers will move on to another target.  Also, as I wrote in November, organizations must coordinate with peers in their industry to understand new types of exploits hackers are using.

Hopefully your budget request for that big data project was approved…and hopefully you incorporated some security funding for it….’cause no one wants to be “Sony’d” in 2015!! Happy Holidays!

Veteran technology professional and manager

Posted in Security
