The Sony Pictures hack -- which was far different from other breaches we've seen -- took the world by storm. Now we need to analyze what happened, learn from the company's mistakes, and change the way enterprise incident response is handled.
What made the Sony hack different and what are the lessons we can learn from it? John Dickson, principal at Denim Group Ltd., sat down with SearchSecurity's Sharon Shea at RSA Conference 2015 to discuss -- beyond passwords and network security woes -- the root of the Sony breach.
"Looking from the outside in," Dickson said, "there's two or three big things that jump out at me. We understand (Sony) was out for the count for a better part of three or four weeks during the holiday season. So this is less a public Web defacement, less a losing of customer data -- which is bad. These guys simply could not operate for about four weeks. They were communicating via Gmail and LinkedIn messaging. … They didn't have access to files, to email, to anything for a very long time. So that is different; an existential threat.
"The other thing that scared me a bit," Dickson continued, "was this combination of the sophisticated cyberattack combined with the threat of physical violence."
What does this mean for everyday enterprise incident response? Is this a threat organizations should prepare for?
"One of the things I've started to think is very interesting is defining the roles and clarifying the roles better for the FBI and Secret Service to any breach," Dickson said, citing an example of a client that connected with the FBI and had no idea what the terms and conditions of the interaction would be. Knowing the roles -- and the difference between enterprise and law enforcement responses -- is critical.
To sum things up, Dickson outlined two main steps enterprises should take to prevent falling victim to such a breach.