Business Problem-solving Case Sony Hacked Again: Bigger Than Ever
The Sony Pictures Entertainment Hack Instance Report
Sony Entertainment Inc. is a global entertainment company established in 2012. Information technology focuses on Sony'due south movement film, television receiver, and music businesses. In 2014, distinctively, this multinational corporation faced a huge cyber attack that exposed numerous personal information about their employees and clients. This incident was triggered due to the motion picture, The Interview, which was well-nigh the assassination of Kim Jung Un, the North Korean leader. Even though North korea openly denied involvement, they chosen this assail a "righteous act". This study will so further aggrandize the effects of this attack on Sony Entertainment, await at the solution that the visitor implemented after the attack, and the benefits and gains that the visitor received from this solution. Furthermore, this commodity volition likewise examine SPE business strategies through SWOT assay for the Sony Corporation as a whole.
Company Analysis
Company History/Groundwork
Sony Pictures Amusement (SPE) is a earth leader in picture and goggle box production, development and distribution. It was founded in 1987 in Culver City, California. SPE is the television and flick production/distribution unit of Sony, which is a Japanese multinational conglomerate corporation diversifying businesses in consumer electronics, gaming, entertainment and fiscal services. SPE was ranked tertiary among all the movie studios with 12.5% box office market share in 2011.
Sony entered the television and motion picture production market when it required Columbia Pictures Entertainment in 1989 for $seven.2 billion USD. The production company has produced many famous movies such as the "Spider-Homo" series and "Men in Blackness" series.
Problem/Event with the Visitor from Management Information Systems Perspective
On November 24, 2014, a hacking grouping named "Guardians of Peace", or GOP, successfully attacked Sony Pictures Entertainment, gaining access to get-go, personally identifiable data to 47,000 current and former employees and their dependents, second, numerous sensitive emails among top SPE executives concerning actors, fiscal deals, artistic disagreements, executive salaries and complete copies of unreleased sony films, and 3rd, names, addresses, SSNs, driver'due south license information, credit card data used for corporate travel and expenses, usernames and passwords and compensation information. The hackers claimed to have stolen over 100 terabytes of information. GOP initially stated they would release the nearly damaging data over the Internet, which included copies of SPE films that had been released or were yet to be released and they announced they would continue to release more interesting SPE information. Then on November 27, 2014, GOP released five Sony films, including four that had yet to be officially released, onto online file-sharing hubs. Within a week, Brad Pitt'south Fury, which was already in theaters at that time, was illegally downloaded more than than 1 meg times (Robb, 2014).
The reason of this attack is idea to be related with SPE'south flick in 2014, "The Interview". The picture show is mainly about an interview squad was invited by North korea's leader, Kim Jong Un, to interview him in Democratic people's republic of korea and eventually assassinated him with the instructions of CIA. Prior to the attack, Due north Korean officials expressed concerns about the film to the United Nations, stating that the distribution of such a movie on the assassination of the head of a sovereign state should exist regarded equally "the almost undisguised sponsoring of terrorism likewise equally an human activity of state of war". On December 16th, 2014, GOP explicitly stated the film'south name and farther threatened to have terrorist actions against the film's New York City premiere at Sunshine Picture palace on Dec 18th. They additionally threatened the same action on the American-wide release date of the film. On December 18th, two messages allegedly from the GOP appeared. The letters included how GOP would non release any further information if SPE agreed non to release the movie and remove information technology from the Net completely and that SPE had "suffered enough" and could release the picture show only if Kim Jong Un'southward expiry scene wasn't "likewise happy".
Following the attack, everything was "off the grid" substantially; SPE resulted back to using fax machines, paper checks, posted messages, etc. The main response from Police force Enforcement was the launching of an FBI investigation. In 2014, they announced that the FBI had connected the assault to the Due north Korean authorities based off of intel on intelligence gathered during a 2010 Us hack of Due north Korea'due south networks. North korea denied all the responsibilities for the hack. Fifty-fifty though North Korea was a primary suspect, the FBI likewise investigated alternative scenarios including the possibility that a current or former SPE employee was involved.
Sony's response to the hack consisted of them shutting downward their entire network on November 25th, 2014. They pulled the theatrical release of The Interview on Dec 17th. Two days after that, President Obama named the attack "cybervandalism" and denied that information technology was an human action of state of war. He also stated that SPE'due south decision to pull the film was a fault because they were essentially giving into the hackers' demands. Following threats were made to various movie house chain including Carmike Cinemas, Bow Tie Cinemas, Regal Amusement Grouping, AMC Theaters, and Cinemark Theaters resulting in them announcing that they would not screen the film. On December 23rd, 2014, SPE decided to qualify 300 largely independent theaters to show the moving picture on Christmas Day. Later that, SPE released the film on Google Play, Xbox Video, and Youtube. SPE felt that they needed to defend their decision to pull the theatrical release of the film in the outset place. They claimed to exist the "blameless victim". They felt that the attackers, coming from a foreign regime, had more resources to attack compared to the resource Sony had to defend themselves. The studio concluded that they felt the set on was unstoppable and even the FBI and security visitor, FireEye, acknowledged that the malicious software used in the hack was "undetectable by industry standard antivirus software".
Even though the software was difficult to be detected, Sony definitely failed to employ basic information security countermeasures. For example, the company's email retention policy left up to seven years of quondam, encrypted messages on the visitor servers. Additionally, Sony used e-mail for long-term storage of business records, contracts, and documents information technology saved in case of a litigation. Finally, all of their sensitive information, including usernames and passwords for IT administrators, was stored on encrypted spreadsheets and Word files titled various names such every bit "Computer Passwords".
Data Technology Solution for the Company
Since the assault, Sony has implemented a "secure rebuild" information security strategy or information technology solution for the company. The first part of the program would be to plant the fundamental idea of having cypher trust. Their objective with the new strategy is to go along attackers from entering company's networks to prevent them from accessing information. If an attacker were to arrive, they would block them accessing the information and if they happen to access the information, they would block them from being able to steal the information. Here are a few specifics that Sony lists out: internet access will exist tightly restricted, Sony will proceed every bit niggling information as possible on its agile network, which the remainder will be sorted securely, encrypted, and cut off from the Cyberspace, emails will be archived subsequently a few weeks and arrangement administrators will take admission to only areas that they need access to for their task, employees will be able to install only pre-approved applications, all users must use the ii-step login (multifactor authentication) procedure, and firewalls will be placed on their most restrictive settings.
SWOT Instance Analysis
Since Sony Pictures Entertainment is a unit of Sony, a SWOT analysis was washed on the company as a whole:
Strengths:
One of Sony's biggest strengths is the diversity in their products. Sony Corporation not only owns Sony Pictures Amusement, but also has a consumer electronics, smartphones, games, music, and financial services. In 2016, just xi.six% of the groups revenue comes from it's pictures division (Sony Corporation, 2017). Showing that if revenue in one division goes downward, they accept the other divisions to lean back on. Sony also has consumers in a various range of places, simply 21.four% from the US (Sony Corporation, 2017). Having such diversity in both products and geographically is a large strength in minimizing information technology'due south threat from other similar companies.
In Sony's End of Yr 2022 SEC financial statements, they prove their focus on R&D. The total amount of money spent on research and evolution has decreased from 468.2 yen in 2022 to 447.five yen in 2022 (Sony Corporation, 2017). Although this seems similar a big subtract, nearly of it came out of the mobile communications division, with some of the other divisions receiving increases in money spent on research and development. Since they are in such a innovative market with many other competitors, research and evolution is very of import. They demand to stay on pinnacle of new engineering science and ideas. Since they have many diverse products/areas, at that place is besides a lot of room to switch between which programs/divisions should be alloted the most funds towards research and evolution.
Sony has a huge focus on sustainability, in both their products and their corporate life. In 2015, Sony founded a new initiative called "Green Management 2020" in which they will reduce almanac free energy consumption be thirty%, calling on their manufacturers and suppliers to reduce their carbon footprint, and use more than renewable free energy (Sony Corporation, 2017). Through these programs, Sony will be able to not only assist the environment, simply these initiatives could also lead to their customers having a better image of the brand.
Weakness:
Due to the company's headquarters beingness in Japan, a lot of the manufacturing takes place at that place equally well. Since Sony has such a large customer base. Out of the products manufactured in Nihon, 86% were to exist shipped to other places (Sony Corporation SWOT Analysis, 2017). This is inefficient because of the labor and equipment needed to ship the products to their desired place. At that place is as well a risk in producing a good in one identify, as the good is then dependent on the success of the place it is produced.
Another concern for Sony is their weak management system. In 2011, Sony was reported to take suffered a mastic jiff in its video games online network that led to the theft of names, addresses, and possible credit card data which afflicted 24.five one thousand thousand users (Sanchez, 2015). Yet, Sony took over a calendar week to alarm users that their personal details maybe accept been stolen. Afterward, a Purdue University professor testified that Sony had failed to use firewalls to protect its networks and sued Sony (Sanchez, 2015). However, Sony declined to announced before the hearing and instead released a statement that they had prompted the company to strengthen security across all of its products (Sanchez, 2015). Despite this statement, in 2014, another major cyber assail occurred. This has shown that Sony has a weakness when it comes to the management squad as the executives failed to take proactive responsibleness for the security alienation, which resulted in current and former employees' personal data being leaked.
Opportunities:
Sony has immense opportunities, since a lot of their products are centered around applied science. Technology is always irresolute and new products are constantly being developed. Sony has the opportunity to capitalize on these new technologies.
Since Sony already have a huge production diversification, the company can farther expand their products in those production lines and explore opportunities in related industries. For instance, people are gradually adding more than values toward habitation entertainment and gaming industry. Moreover, the popularity of tape music and digital streaming has as well increased significantly over the past few years. Equally the industry leader in entertainment and electronics, Sony tin have advantage of this and effort to introduce and deliver value-added content to support and integrate its production line. Additionally, Sony is a multinational corporation and this give the company a competitive edge in the globalized world by existence able to reach the market of all beyond the globe.
Threats:
Film and television receiver is an increasingly competitive market. They must compete with other flick studios in order to become rights for scripts and the best actors, writers, producers, etc. With the increasing audiences on platforms such as Netflix and Amazon Video, the world of motion-picture show production has changed.
With the increased utilise of the internet comes an increased possibility of forfeited products, peculiarly in the pictures section. It is very easy to record a movie and upload it to the internet. These illegal copies of movies tin then be seen by customers at a gratuitous or cheaper cost. Since customers can receive the products they want for a cheaper price, this cuts down on the available profit for Sony.
Benefits/Gains from the Solution
Post the assail, on December 22, 2014, North korea experienced Internet failure and their government blamed the US saying the disruptions were an attack in retaliation for the SPE hack. The The states government denied any role in the disruptions. After the attack, in that location were many repercussions for Sony and the US government as well. Sony'due south analysts estimated that the cost of the attack could exceed $150 meg, which included business concern disruption, loss of information and revenue, decreased client confidence, and more. Yet the damage to the SPE reputation was incalculable. Many employees likewise sued SPE for not existence able to protect their personal information. Because of this, SPE offered 1 twelvemonth of complimentary credit monitoring and fraud protection to electric current and former employees. In July 2015, in that location were a total of seven cases that were consolidated into a proposed class action lawsuit in the LA federal court. In Oct 2015, Sony agreed to pay upwardly to $10,000 to each claimant for identity theft losses and up to $1,000 each to cover the price of credit-fraud protection services in connexion with the cyber attack. The total settlement was expected to cost Sony $eight million. Equally for the US government and their repercussions, the United states armed forces has responsibility to aid protect and defend the nation'south critical infrastructure, such as power grids, banking systems, and communications networks, but amusement companies are not a office of that infrastructure. Therefore, two questions are asked to the The states government. If a foreign regime is attacking United states of america corporations, what is the federal authorities'south responsibility? If the U.s.a. government had known of impending cyber attack on SPE, why didn't the authorities warn SPE?
Overall, there were several repercussions following the hack and because of this whole experience, Sony and the world essentially learned three lessons. Kickoff, if you lot are connected to the Internet, your data is just non condom. Second, no i should commit anything on email that he or she would not want to see on the front end page of a newspaper. Tertiary, the likelihood of serious breaches is increasing and the amercement that they breaches can cause is also increasing. Therefore, time, effort, and money that the organizations spend on information security needs to increase besides. Because of the hack, Sony was able to get a "wake-up call" and finally resolve their major flaws within their information security. This lead to many solutions that will forbid anything like this from every happening over again and that is the main do good or gain from the new data security protocols or solutions.
Questions Answered
one) Was Sony'south response to the breach adequate? Why or why not?
While the attack that occurred might have been advanced, Sony's response to the breach was inadequate. First, Sony failed to spot the breach beforehand. Sony's attackers were able to access the company'due south network for some menses of time prior to the assault (Schwartz, 2014). Even though it is unclear equally to how long the breach lasted, Sony didn't appear to have detected the intrusion until attackers' malware had already exfiltrated big amounts of Sony data. Moreover, Sony beginning response to GOP's need by pulling the plug on "The Interview" was a wrong movement every bit there were no credible threat being made. Then when GOP started leaking stolen content, Sony hired a high-profile attorney and threatened to sue media outlets, the messengers in this attack (Schwartz, 2014). The terminal reason why Sony response was deficient is considering Sony executives failed to have proactive responsibility for the security alienation. In both 2011 hacking case and this set on, the executives defends their decision equally being the clean-living victims and failed to provide basic countermeasures.
two) Should the U.S. authorities assist private organizations that are attacked (or allegedly attacked) by strange governments? Why or why non?
The U.South. government should aid individual organizations that are (allegedly) attacked by strange governments because, in the past few years, there has been an increment in the charge per unit and the severity of cyber attacks on U.S. companies. For instance, just in 2022 alone, Target, JPMorgan, Michaels, UPS, and many more than were hacked and lost numerous confidential client credit card data. Then in 2015, Cravath Swaine & Moore and Weil Gotshal & Manges were hacked by Chinese hackers and lost $four million trading data (Roberts, 2017). In 2016, Bangladesh Central Bank was hacked by North Korean hackers who reportedly exploited weaknesses in the SWIFT payment system to steal $81 million (Roberts, 2017). Despite beingness hacked, these companies couldn't do anything look to upgrade their security measures which are hackable and does not discourage hackers. Therefore, with the past records of numerous instances where companies being hacked by strange companies and the ever-changing risks in the cyber environment, the U.S. government needs to do more to support the individual sector so that it will discourage whatever ill hacking behaviors. Moreover, peculiarly if foreign governments are involved backside these hacks, the individual organizations are even more invulnerable and they don't have any ability to go against the land or do annihilation well-nigh it. Therefore, U.S. regime should establish sound cybersecurity measures for the individual companies while not creating regulations that hinder businesses.
Conclude/Recommendations
On a terminal note, in February 2016, cybersecurity companies Kaspersky and Alienvault announced that they had found new evidence linking the SPE attack with ongoing malware attacks directed at South Korea. They didn't disclose specifically where the attack originated, but they said evidence point to a group operating out of North Korea. As for recommendations, Sony definitely learned that in order to go along up with the overall advancing of technology they demand to stay on their toes regarding information security. It has been and will just become easier to perform computer hacks and the skills necessary to perform then are decreasing. Sony needs to continuously update, change, and implement technology and information security measures if they want to prevent another catastrophic outcome like this one from ever occurring over again.
Source: https://medium.com/@muyuanlii/the-sony-pictures-entertainment-hack-case-report-195c4681bf72
0 Response to "Business Problem-solving Case Sony Hacked Again: Bigger Than Ever"
Post a Comment