Before the last winter break, I was excited for the Sony Corporation for two reasons: their newest blockbuster comedy “The Interview” with notoriously funny actors Seth Rogen and James Franco and the release of the super slick PlayStation 4. With Christmas right around the corner, I was looking forward to gaming on my new PlayStation and watching the new Sony comedy a day or two after it came out. Unfortunately, Sony has been recently plagued by a crippling barrage of technological hacks, spearheaded by at least one major cyber-terrorist group, the “Guardians of Peace” or, funny enough, the GOP. These hacks have both delayed millions of Americans from viewing “The Interview” and have disrupted the PlayStation Network and the many gamers who could not play online games since the beginning of the attacks in late November. I was in both groups of disappointed fans/unfulfilled gamers and although both sets of problems were eventually fixed, the damage was extensive. The company lost more than half of its computers and servers, terabytes of information including yet-to-be-released films and other copyrighted material, and employees lost sensitive financial and personal information including performance reviews and social-security numbers for nearly 47,000 current and former employees. Although the problems of the past have been fixed, the Sony incident has brought about questions for the future about corporate security procedures in general.
To start, these past few weeks may have been some of the worst Sony cyberattacks, but they were not the first. Sony has been in the habit of angering hackers and internet terrorist groups since 2005 when music enthusiasts became enraged at the aggressive software used to prevent “burning” on its CD’s. The attacks grew worse in 2011 when hackers from both Anonymous and Lulzsec, “‘hacktivist outfits’” or groups of internet hackers as termed by the Economist, retaliated against a Sony lawsuit by bringing down the PlayStation Network and stealing millions of users’ account data. These acts of terrorism resulted in Sony appearing before Congress, having to explain the resulting chaos. One would suspect Sony to have learned its lesson and alter its practices, but the latest attacks have only revealed the same sloppy security measures are still in place including “leaving social-security numbers and salary data unencrypted, and storing passwords in a file conveniently entitled ‘Passwords’”. This paper-thin security was the reason Sony fell victim to its worst attack yet, one that destroyed computers and other office technology for 7,000 employees at its headquarters, forced executives to use old BlackBerrys for communication and cut payroll checks the old fashion way instead of direct deposit. And this was only the beginning.
By December 1st, when the FBI finally stepped in to help after more than a week of Sony struggling by itself against repeated hack attacks, the true magnitude of the damage could be seen. Sony had played off the fact that entire medical records, film scripts, finished movies, and salary lists had been swiped, and up to 75% of the company’s servers had been destroyed. Then came the file dumping, where the hackers would release tons of stolen data of Sony’s onto anonymous reporting sites. These dumps showed a truly dramatic side to Hollywood executives, with such revelations as “[Amy] Pascal (co-chairwoman for Sony’s board)…caught swapping racially insensitive jokes about President Obama’s presumed taste in African-American films. A top Sony producer, Scott Rudin…discovered harshly criticizing Angelina Jolie” and many more, including a multitude of scathing emails from Sony CEO Michael Lynton. There were many more embarrassing files, which Sony decided to remain silent about, aside from an apology from Ms. Pascal. Since then more hacks and data dumps have occurred, and the damage will not be completely understood until all systems are back online by at least mid February, according to executives. However, the firm’s troubles show this to be the worst cyber-attack on American soil in history.
What is interesting is that, besides the large collection of stolen data and private information, Sony does not seem to be struggling financially. Although Sony will take a hit in revenue and see a rise in expenses from several sources (“The Interview[‘s]” botched Christmas premiere, unsatisfied PlayStation gamers switching consoles, and the enormous amount of equipment to be replaced,) the company is showing strong signs of recovery. Sony’s stock price (SNE) dipped slightly below twenty dollars a share after the initial hack late November, but has since then remained quite strong, with the stock price reaching a two year high as of January 26th 2015 of above twenty three dollars a share. Meanwhile the only recognizable financial damage at this time is a delay in reporting financial data for the third quarter. For this, Sony has asked for an extension date of March 31 while the company attempts to consolidate and reorganize Sony Pictures Entertainment, the primary target of the hacks, and expects to release a full analysis of the damage and financial standings of the company on February fourth. Currently, Sony does not have a concrete number for the cost of damage done.
What’s more horrifying is that Sony’s perpetual cyber terrorism has not been the first set of major cybersecurity attacks on a major corporation; JPMorgan Chase, Home Depot, Target, and eBay have all seen their fair share of major technological breaches. What is clear is that in an age where internet access and advancements in technology are becoming more widely available, companies need to beef up their security to combat the growing misuse of these advancements. And many companies have taken measures to combat cybersecurity threats; as an example, JPMorgan Chase has planned to deploy over one thousand people and $250 million annually “to focus on cybersecurity,” according to CNN Money. However, Sony, and all corporations for that matter, still have two big lessons to learn from this attack: first, technological safety and cyber security should not be put on the back burner in terms of importance and funding. We have seen the results first hand, and the damage to a firm can only get worse as technology gets exponentially more complicated. Second, top executives and managers need to be careful about what they talk about behind closed doors. Hackers have the ability to rip those doors right off their hinges, leaving no one safe from their own words.
Samson Cassel Nucci