For the last month, it seems like everyone is talking about the Sony data breach – a cyber-attack that resulted in several terabytes of confidential information being stolen. While the emphasis on the news and media outlets is on the “bad guys”, it’s important to keep in mind that an incident like this one can only happen when risks (in this case cyber-crime) are combined with vulnerabilities (poor risk management). Furthermore, large incidents like this one are never the result of a single root cause, but rather the combination of multiple things gone wrong. According to the associated press “In the weeks before hackers broke into Sony Pictures Entertainment, the studio suffered technology outages it blamed on software flaws and incompetent technical staffers who weren’t paying attention, even as hackers targeted executives to trick them into revealing their online credentials. (AP)”.
The immediate impact of this event include the release of sensitive information, like emails, passwords and even films, as well as the cancelation of the release of the movie The Interview. However, the full, long-term impact of this incident is yet to come. This hack could impact other Sony lines of business like PS4 and Phone. In addition, this may impact the overall movie industry, and due to the alleged involvement of North Korea, this incident is likely to increase the tension between the US and this country.
The BIG lesson for executives and boards everywhere is that your organizations are also susceptible to this and many other risks. If you don’t know your risk landscape and proactively mitigate risks before they become problems, your organization may be next.