We are familiar, to some extent, that North Korea took offense to the Seth Rogan comedy, The Interview, about the assassination of dictator Kim Jong-un.

As a result of “9/11” level threats against U.S. movie theaters that show the Sony movie and international diplomatic maneuvering, the may not be released. We shall see.

The important point here, especially to cyberwarfare experts, is that this incident represents the first time that a nation-state, rogue as it may be, has called a non-government commercial firm’s endeavors, “an Act of War.”

Thus, a nation-state is using public threats, essentially of terrorism, to change the behavior of a commercial firm, because it doesn’t like what the company said or stand for.

The hacks were huge; and in an equally profound stance, the perpetrators are releasing highly sensitive internal documents… some of which maybe should never have been put in writing. The racist, demeaning and often hateful tones of the Sony upper management emails suggests, indeed, a culture in need of reform.

Now, what does this mean for everyone else? Be it a ketchup company or an international arms manufacturer: at what point does a company buckle under to threats or demands or extortion because of a data breach?

The game has indeed changed. We can expect to see more of these types of cyber-hostility as the distinction between Class II Information Warfare (corporate espionage, private spying, “business is war” mentality, and Class III (nation-states and such engaged in cyberwarfare) becomes increasingly fuzzy.

Most companies did not sign up to be the victims of nation-state wrath. But, as we watch Sony maneuver, we need to keep the basics of security in our minds, more than ever.

  • The vast majority of data breaches are caused by social engineering; attacking the human, and more than likely a phishing email.
  • Not clicking on ‘suspicious’ emails is the correct action to take. Anything else is irresponsible.
  • You cannot assume that the ‘bad guys’ will not come after your company. Sony probably thought the same… but don’t forget the PlayStation hack of 2011. Should have been a lesson learned.
  • Some things are best not said in email, especially if you would cringe at seeing them on the front page of news web sites.

The Security Awareness Company

With over 25 years of industry experience, we serve both small & large organizations to create successful security awareness and compliance programs on an international scale. Our team is a strong, creative powerhouse with a passionate vision and we consistently produce on-trend end-user training materials of the highest caliber.