“I’m not saying he’s a whore, but he’s a whore. I never cease to be amazed at the chutzpah of actors,” read the unfortunate email written by a Sony executive about actor Kevin Hart.
This embarrassing correspondence is one of many revealed to the public by the 2014 cyber attack on Sony Pictures Entertainment, which will be forever memorialized after being published on the whistleblowing website WikiLeaks.
If there is a silver lining to these leaked emails, it’s that they provide vital lessons on the ways in which cyber coverage needs to continually evolve to keep up with the sophisticated nature of modern technology attacks.
“The recent release via WikiLeaks shows that cyber breaches are often now a simple ‘one-time’ event as many other types of risk can be,” said Christian Davies, cyber broker with Safeonline. “What we have seen with Sony is the determination by the hackers, once inside the network, to extract as much information as possible and drip feed it via the most destructive channels – in this case the media – over a certain period of time.”
Although these hacks are often sustained over that period of time, Davies notes that cyber policies should also consider what happens when the attacks finally cease.
“It demonstrates the importance of a cyber policy that covers not only preventative techniques, but a post-breach strategy involving IT forensics or other third-parties that can assess and help your organization prepare for any further damaging events.”
In fact, a recent report in Bloomberg BusinessWeek outlined the five areas in which small to medium-sized businesses should make sure they are protected:
- Offline practices such as discarded paper with sensitive financial information on it
- Employees should be trained in avoiding online scams and accidentally inviting hackers into the IT system
- Mobile devices such as smartphones and tablets should all be outfitted with the latest security software
- Hardware should be updated with encryption tools to ensure that customer data remains safe
- Cloud computing should also be encrypted and contain safeguards from intruders
For clients who lack awareness of the dangers associated with cyber crime, Davies recommends walking them through a real-life scenario and explaining how their organizations would be impacted in explicit, quantifiable terms.
“I would say the most simple way would be to develop example ‘loss scenarios,’ using past breaches but also thinking about what sort of potential losses could happen within their client’s sector,” he said. “For many clients, cyber can still be quite a tricky risk to get their heads around, so using real-life or ‘worst case’ scenarios to explain it in layman’s terms may help to generate discussion.”