What the Sony Hack Means for the Entertainment Industry
The unprecedented hack that cost Sony millions of dollars and compromised more than 11 terabytes of internal company data this past November is all the entertainment industry has been talking about for the past several months. So what has the US done about the attack and what does this mean for the entertainment industry going forward?
US Response to the Attack
This past December, the FBI released a statement saying that the North Korean government was responsible for the unprecedented Sony breach. Additionally, due to the malicious intent of the cyber attack and the North Korean state sponsorship of it, the US is forced to respond to the incident as a matter of national security, instead of treating it simply as an instance of cyber-crime. As a result, the Obama administration has imposed a wave of sanctions against members of the North Korean government, which is the U.S. government’s first official response to the cyber-attack against Sony Pictures Entertainment.
Although there have been lingering questions from private security analysts over whether North Korea was responsible for the hack, the White House described these new sanctions as retaliation against North Korea. In his statement to the press, White House Press Secretary Josh Earnest said, “We take seriously North Korea’s attack that aimed to create destructive financial effects on a U.S. company and to threaten artists and other individuals with the goal of restricting their right to free expression.”
In an executive order signed at the beginning of this month, President Obama authorized sanctions against North Korea due to their “provocative, destabilizing, and repressive actions and policies … including its destructive, coercive cyber-related actions during November and December 2014.” The sanctions were named against 10 individuals and three organizations in North Korea, including the state’s main intelligence agency and its primary arms exporter. The sanctions deny the named parties any access to the U.S. financial system and bar them from entering the U.S.
What this Means for the Entertainment Industry
The unprecedented attack against Sony is a game-changer for cyber security. Whether or not North Korea is the culprit, American companies need to step up their data security game. Reporting around the Sony hack revealed the company and its employees did little to keep passwords and other sensitive data secure.
At the employee level, employees can change passwords every few months, avoid saving anything they don’t need, and most importantly, avoid disseminating anything (including passwords) they would be embarrassed to see published, whether it be by email or other written communication. If there is one lesson that the Sony hack should teach us, it is that if you don’t want something spread all over the world, then you just don’t write it.
Employees can also take care to never open suspicious links in what’s called a “phishing” email. These emails are targeted specifically at certain individuals and make it seem like the source is someone you trust. Clicking the links, however, can result in malware hitting your computer, contaminating the company’s network and leaving it vulnerable.
More preventions can be made at the corporate level. For example, companies need to do a better job segmenting their data so that employees can only access the information they need. Implementation of an encryption protocol would also prove useful. Encryption converts sensitive files and into “cyphertext,” which appears to be a jumbled mess to third parties.
It’s also important for companies to clamp down on sharing spreadsheets, and instead use secured databases to access important information. In Sony’s case, hackers leaked a human-resources spreadsheet filled with sensitive medical and employee information. Sony’s failure to prevent the leaking of this information has led to multiple class-action lawsuits, in which former employees make the member class. Lastly, companies need to regularly monitor the data movement throughout their firm in order to track any unusual changes, such as large quantities of information being accessed remotely or being pulled from company systems.
In addition to companies ramping up their cyber security, the U.S. government must also play a role in responding to cyber attacks on private companies. As was expressed by National Security Agency Director, Admiral Michael Rogers, “Merely because something happens to us in the cyber arena, doesn’t mean that our response has to be focused in the cyber arena,” instead we must reply as a nation (thus the economic sanctions against North Korea).
As a result of these attacks, we are going to be seeing much more government involvement in preventing and protecting against cyber hacks of this magnitude. If there is another cyber attack against a private company, that company can rest assured that they will have the backing of the US government in combating against the attack. Ultimately, however, the entertainment and news industries have to adapt to the possibility of cyber attacks, and develop business practices and habits that prevent them from being vulnerable to another cyber hack.
 Fitzpatrick, Alex. “4 Things Every Single Person Can Learn From the Sony Hack.” Time. 18 Dec. 2014.