The hack attack on Sony has been a business disaster for the film company.
In addition to the leaked emails, the disclosure of salary data, and the unfortunate disclosure of several private opinions about movie stars and upcoming movies, the company’s stock price fell by double digits.
Sony’s business is, of course, entertainment and the media have had a field day with all the secret details about Hollywood celebrities. The nightly news has played out like a soap opera, and the company’s attempts to fill in the gaps have been futile at best.
It remains to be seen how all this will play out in the long term both internally and externally. Certainly, relations with business executives have been accentuated to the maximum. Filmmakers and “A”-list actors may be hesitant to do business with the company.
While many cyber experts, including the FBI, have been quoted as saying that this attack was planned and executed with a very high level of sophistication, reports indicate that the company was not completely on lockdown for a possible breach.
In fact, your PlayStation network was hacked in 2011. Personal data was stolen from millions of PlayStation games. The network was down for weeks. Many question whether these issues were ever fully addressed.
It’s true that Sony is a global organization and high-level cyberattacks are more likely to target larger, well-known companies. JP Morgan Chase and eBay were recent targets.
Still, most businesses of all sizes can take the appropriate steps to ensure the highest levels of security protection are in place.
These include…
1. Invest adequately in cybersecurity. Many large corporations do not allocate the resources for high levels of security. They wait until disaster strikes, and then they make the right investment in firewalls, antiviral programs, etc. The same applies to smaller organizations. Unfortunately, smaller companies may not have the luxury of easy recovery as a multinational giant. Small businesses could lose sales, contacts, and key data. A small business could be down for days or even weeks. Such a default for a smaller organization could mean the difference between securing a year of profitability or falling into the “red.”
2. Prepare for a well-planned response. All businesses should have a backup system in place. Off-site electronic backup using the cloud, for example, is a robust way to preserve all records and data in case the records are breached, stolen, or lost. Proper backup allows a business to maintain business operations with as little downtime as possible.
3. Create a crisis communication plan. Your business will most likely not be subject to intense media scrutiny in the event of a breach and important private data is made public. Even in this contentious environment, it makes sense to have a plan in case a crisis occurs. This should involve a technology component to discover how the breach occurred and take appropriate IT-related actions to prevent it from happening in the future. It should also involve a media component to adequately address inquiries from print and television reporters. The document must be reviewed and updated periodically. Hopefully this plan won’t need to be enacted, but it is money well spent in case disaster strikes.
The Sony hack attack is a good reminder that an attempted breach can happen to almost any company at any time. Executives should not hesitate to invest in the highest levels of Internet security regardless of the size of the company.