Dec 12 2012

Lessons to be learned from Sony Hack

While many of us have spent the last few days enjoying the Thanksgiving holiday, most of the IT staff over at Sony Pictures have been living a nightmare. In case you missed it, Sony Pictures Entertainment suffered a devastating hack earlier in the week, and word is that heading into this weekend, many facets of day-to-day business operations were still crippled.

What does this mean for the average IT professional?

First and foremost, it’s worth pointing out that Sony, like many of the larger companies, is a juicy target for this kind of attack; they were hit with ransomware. The hackers have been threatening to reveal sensitive information, but haven’t made any demands known publicly. An attack of this scope and scale is not likely to be attempted on just any company, because hackers may not see any financial benefit. Simply put, Sony is one of those sacred cows: worth a lot, and potentially likely to pay rather than endure a nasty leak.

The scary part of the news story? Sony IT staff still don’t know exactly who, or what, hit them. Depending on who you believe, systems have been down for the bulk of the week, and it’s unknown if things will be back online for December 1. There’s even some speculation that Sony is wondering if North Korea was behind the attack, possibly motivated by an upcoming comedy centering around a plot to kill North Korea’s leader.

For the not-so-high-profile companies, there are lessons to be learned from the incident.

First, make sure you have a reliable set of backups for all of your most critical data, and be certain you can restore from them. How many firms believe they back up frequently enough but never actually try to restore from those backups? It is not enough to know that your servers are backed up at a regular interval. Whether in a lab or in a secondary environment, you need to be familiar with restoring from the backups, and know that the backups are adequate.

Second, have a critical response plan, and drill for it. It’s great to have a step-by-step plan should things hit the fan. But if you never drill for it, your response won’t be nearly as effective as it would have been had your team drilled for a crisis response. Labs are excellent for such drilling, and increasingly prevalent virtual machines make such drills that much easier to perform.

You’d think there would be no excuse for not doing it, but too often in IT organizations, things like backing up and restoring, as well as incident response, are taken for granted. With Sony spending so much time and resources in an effort to get back up and running, it should be a lesson for all other IT professionals. Have a plan and know your plan, because you never know when you’ll need to put your plan into action.