Sony is a large electronics and entertainment company based in Japan. There have been two major hacks against Sony. The first was in 2011, when an unknown user hacked PlayStation Network accounts and accessed all the user IDs and passwords. This was a very big risk for users, as it threatened access to other personal information such as credit cards, email and physical addresses, and telephone numbers.
The second, according to Biddle (2014), was a very famous and large hacking ‘tragedy’ for the company. On 24 November 2014, a hacker group called “Guardians of Peace” hacked Sony Pictures Entertainment’s film studio and released highly confidential data, including personal information of employees and their families, official and personal emails, salaries of the company’s executives, copies of movies that had not been released at that point in time, and other important information (Biddle, 2014).
Weise (2014) reported in USA Today that in the month after this incident, December 2014, the “Guardians of Peace” group demanded that Sony pull one of its movies, ‘The Interview’. This movie was a comedy about the assassination of Kim Jong-un, the leader of North Korea. The group also threatened Sony that movie theaters screening the movie would be attacked by terrorists. After this threat, all major movie halls and cinema chains decided not to screen the film. Sony had to cancel the planned formal premiere of the movie as well as the release. Instead, it released only a digital version, followed one day later by a very limited theatrical release (Weise, 2014).
Sanger & Perlroth (2014) reported in The New York Times that “United States intelligence officials, after evaluating the software, techniques, and network sources used in the hack, alleged that the attack was sponsored by North Korea. North Korea has denied all responsibility” (Sanger & Perlroth, 2014).
Economic Consequences
This relates to the second hack, in 2014. Hornyak (2015) reported, based on the financial statement and declarations by executives, that the estimated loss and damage caused by the hack against Sony Pictures was around US $35 million. In an earnings report for the quarter ending in December, Sony had announced that the cost of investigation and remediation would be around $15 million. Later, in the next quarter, the general manager, Takeda, put this at $35 million. The majority of this cost was for restoring the information technology and financial systems (Hornyak, 2015).
Non-Economic Consequences
Apart from the company getting a bad name for having vulnerable security systems in place, this event triggered a lot of controversy between countries such as Japan, America and North Korea. Companies also became aware, and were scared, that this could happen to anybody, and thus security issues became a CEO-level affair and were included in corporate strategy. In addition, there were physical security concerns in America when a terrorist attack was threatened. This event had a huge impact in non-economic terms as well.
Company’s Brand and Reputation was Affected due to the Hack
In both instances of security breach and hack, the company’s reputation was badly hit. Customers were very unhappy and scared, and Sony faced huge challenges in customer retention. The fact that hackers could breach the security system twice was the biggest question mark and, in the eyes of customers and the market, an indication of a careless attitude. Even customers who had been associated with Sony since their childhood were now wondering whether to continue sharing their information in the future.
Damage Control by Sony – Customer Confidence and Security
Kiss (2014) published an article in The Guardian describing how Sony took the necessary measures to regain customers’ trust and give them confidence in the brand. In the 2011 hack, the company proactively notified all PlayStation Network customers to change their passwords. In the 2014 hack, the company first stopped the release of the film to make sure that no harm was done to its viewers. After this, it worked with the investigating agencies to get to the root cause and sources of the hack. Sony made security and information technology a CEO-level responsibility and included it in the corporate strategy as a top priority. The investment of US $15 million was a clear sign of how Sony revamped its information technology and the security of its assets (Kiss, 2014).
Pre and Post Hack Security Practices at Sony and Evaluation
Chmielewski (2014) mentioned in her article that a few months before the hack, Sony underwent an audit by PricewaterhouseCoopers, which found that over 100 devices and 1 firewall were not being monitored or managed properly by the security team. Before this could be fixed, the cyber-attack happened, resulting in all the events mentioned above. Thus, rather than poor devices or a lack of software, this was more of an operational and strategic miss on security (Chmielewski, 2014).
The SANS Institute (2015) lists around 20 best practices for security at the corporate level, which were the basis of Sony’s damage control in terms of revamping its security. Some of these are proper management of the inventory of all devices, whether authorized or not, and likewise of all software; the most secure configurations for every possible device; access controls; secured firewalls; capabilities for data retrieval; robust network engineering; and, most importantly, data protection (SANS Institute, 2015).
Even though the two attacks, and especially the second one, made a huge dent in everything from brand value to reputation to losses, Sony managed and overcame a seemingly impossible problem very well, as revenue continued to increase and the company grew year on year.
References
Chmielewski, D. (2015). Sony Pictures Knew of Gaps in Computer Network Before Hack Attack. Re/code. Retrieved April 11, 2016, from http://recode.net/2014/12/12/sony-pictures-knew-of-gaps-in-computer-network-before-hack-attack/
Hornyak, T. (2015). Hack to cost Sony $35 million in IT repairs. Network World. Retrieved April 11, 2016, from http://www.networkworld.com/article/2879814/data-center/sony-hack-cost-15-million-but-earnings-unaffected.html
Kiss, J. (2014). Sony hack: sacked employees could be to blame, researchers claim. The Guardian. Retrieved April 11, 2016, from http://www.theguardian.com/film/2014/dec/30/sony-hack-researchers-claim-sacked-employees-could-be-to-blame
Sanger, D., & Perlroth, N. (2014). U.S. Links North Korea to Sony Hacking. The New York Times. Retrieved April 11, 2016, from http://www.nytimes.com/2014/12/18/world/asia/us-links-north-korea-to-sony-hacking.html?_r=0
SANS Institute. (2015). Critical Security Controls: Guidelines. Retrieved April 11, 2016, from http://www.sans.org/critical-security-controls/guidelines
Weise, E. (2014). Experts: Sony hackers 'have crossed the line'. USA Today. Retrieved April 11, 2016, from http://www.usatoday.com/story/tech/2014/12/17/sony-hack-the-interview/20519545/