Sony has pulled the release of its forthcoming film The Interview in a move that should stand as a warning to any business that leaves its networks exposed to external threats, according to the security community.
The entertainment company capitulated to an escalating series of threats from the hacker group Guardians of Peace, which is reportedly sponsored by the North Korean government.
Sony has seen its emails and internal documents released, and its staff and industry partners, including cinemas, threatened.
The final straw came when cinema chains said they would not be showing the film in response to threats made towards them hinting that violence may occur at screenings.
In response to this, the firm has confirmed the film will not be released.
Mark James, security specialist at ESET, said that Sony cannot have taken the decision lightly and must have weighed up the risks associated with showing the film.
“Normally these types of attack don’t impact the average person, but this incident is causing people to stop and think,” he said.
“And with Sony now pulling screenings of The Interview it shows how much it’s affected not only Sony but more importantly Sony’s customers. The safety of the public is paramount here and Sony has done well to support that.
“Sony stands to lose millions if the film is pulled completely, and the damage already done by this attack is massive and will be very damaging for Sony’s brand.”
Brendan Rizzo, technical director at Voltage Security, said the move underlined just how much damage a hack can do to a company and why it is so important to have as many defences in place as possible.
“If attackers gain an upper hand and are able to wreak damage on companies at will without being traced, and if these attacks are able to achieve at least some of their objectives (such as the recent postponement of the movie release that we have just seen), this could be a harbinger of an escalation in these types of attacks,” he said.
“That is why it is so important that companies give their utmost attention to protecting their sensitive customer, employee and company data in a best-practice, data-centric manner to shield themselves from any such attacks.”
TK Keanini, chief technology officer at security firm Lancope, said the incident was another example of firms learning hard lessons about online security and the need for secure software systems.
“Companies in the information age need to understand that they are all software companies and need proper information security,” he said.
“What if this was not blackmail or ransom? It might have been months or even years before it was detected. The fact that this particular [hacking group] made themselves known should make everyone very uncomfortable.”
Clinton Karr, senior security strategist at Bromium, added that the disclosure of internal information can be very damaging indeed.
“The public disclosure of private information can be just as damaging to the reputation of a brand as the theft of financial information, so the Sony breach has ramifications all the way to board level just like the Target breach before it,” he said.
“Information security professionals are constantly making investments to implement new security solutions, so the question should be ‘Are they making the right investments?’.”