Preclusion
of data theft like credit card information, bank account numbers, passwords,
work related documents or sheets, etc. is crucial in current days interaction
since many of our daily activities is contingent upon the security of the data
paths. Computer security deals with computer associated assets that are subject
to distinctive kind of threats and for which countless actions are taken to
safeguard those assets. Computer security is the protection given to an
automated information system in order to accomplish the appropriate purposes of
upholding the integrity, availability, and confidentiality of information
system resources. The resources comprise software, hardware, firmware,
information/ data, and telecommunications.
Very
frequently, computer and network security is not considered about until an
issue appears. By this point, a fissure in security can trigger enormous and
possibly harmful problems to business and/or their clients. By situating up a
security plan and an alternative action plan, one can know that the information
they possess in their computers and networks is safe and secure.
Sony Pictures Entertainment recently underwent a
data breach when hackers posted intimidating posts on the company’s computers.
The post started with a skull appearing on screens, and then an oddly
threatening message conveying users that they had been hacked by something
called Guardians of Peace (GOP). The post got strange as it claimed it to be
just the beginning and then threats were also made to release documents by 11
PM the very same day (November 24, 2014). The company had to entirely shut down
all email communications and employees were not permitted to use company
computers during the time the company worked through where and what the threat
was and if it was real. The threat did not give any particulars or any message
on any kind of ransom for the data that had allegedly been hacked.
Sony
picture’s single server was compromised and the attack was spread from there.
Right after the revelation of the attack, the GOP team announced two lists,
incorporating names of several documents, private key files, password files,
financial data, PII, source code files (CPP), network maps and outlines,
inventory lists for hardware and other assets, production outlines and
schedules. The GOP hacking team released
preview copies of numerous Sony movies, including Fury, Annie, and Still Alice.
The cyber attack instigated much more than the online circulation of pirated
movies. A batch of sensitive employee records was also flowing on the Internet.
Also the servers used by the members of the GOP to leak online employee
information also belong to Sony Corporation. The hackers also stole more than
25 gigabytes of sensitive data on thousands of Sony employees, containing medical,
salary information and Social Security numbers. The last set of files released
comprises contracts between numerous TV stations and Sony Pictures Television.
The documentation includes a detailed organizational chart of the Sony
Pictures, which comprises a gigantic number of information like cell phone
numbers of the employees and an internal phone list.
With
the additional recent threat and data breach in multiple known organizations
such as Target, Home Depot, Blue Cross Blue Shield – Anthem, the need for
information security management has never been higher. Companies are trying to
secure their network and data as never before. Companies have started to apply
several security protocols and measures to avoid being the next target.
Disallowing plain FTP of the file, building secure firewalls, mandating SFTP
and VPN, continuously changing user credentials for databases and user accounts
have become trending security practices.
A
network administrator should be mindful of the kinds of security risks possible.
They should also be mindful of some of the solutions available to alleviate
those risks. Some of the attacks against a network cannot be prohibited and
only effective supervision of the network and appropriate responses will
decrease the risk related with the wireless portion of a network. Regardless of
additional precautions, it is always possible that systems will be breached.
This is the reason why it is imperative to have an emergency action strategy, a
strategy that is developed to shut down and protect systems in case of a breach
or an attack. One needs to make sure that all relevant personnel are mindful of
the plan in case it needs to be executed. This strategy will support any damage
or unintentional sharing of private information, permitting one to keep control
of the situation.
References
Infosec Institute. (2015, n.d n.d). Cyber Attack on Sony Pictures is Much More
than a Data Breach . Retrieved February 24, 2015, from Infosec
Institute: http://resources.infosecinstitute.com/cyber-attack-sony-pictures-much-data-breach/
Privacy Rights Clearinghouse. (2014, November 24). Sony Pictures. Retrieved February
23, 2015, from Privacy Rights Clearinghouse Empowering Consumers. Protecting
Privacy: https://www.privacyrights.org/data-breach-asc?title=sony
No comments:
Post a Comment