Putting aside the continuous debate on attribution of the Sony breach and, now, the discourse on possible regulatory and legislative outcomes quickly glomming onto the massive media attention this incident garnered, I think it's important to look at a few other practical takeaways from this headline-grabbing attack.
I'm not at all minimizing the importance of keeping a close watch on federal government and congressional leaders' use of the Sony hack to push whatever specific agendas they may have – such as resurrecting a range of measures that could give government bodies the legal means to access private data about individuals without search warrants; exempt them from citizen-protecting oversight measures, like Freedom of Information Act requests; arm them with the ability to furnish any entity that shares desirable data with them immunity from prosecution; and more (think Cyber Intelligence and Sharing Act- or CISPA-like legislation that already was roundly beaten once). Indeed, the political, philosophical, privacy-right, U.S./nation state-relation and other potential ramifications of this breach must be monitored closely. As Whitehat Founder and CEO Jeremiah Grossman tweeted recently, “If politicians can turn cybersecurity into a vote gather opportunity, they will. Net-net, bad laws will come.”
Putting all these concerns aside, though – along with other ones about the efficacy of the government investigation that resulted in holding Korea responsible for the attack in the first place and calls by rightly skeptical industry pros to the FBI and NSA to share more details about the evidence they've gathered – a key realization for cybersecurity professionals and their executive leaders alike should be to acknowledge the need for a robust and well-practiced crisis management plan and an examination and investment in security analytics/threat intelligence gathering solutions and procedures. As we highlight in this edition's cover story and our Emerging Products reviews, both of these areas are vital to helping organizations deal with the intensifying threat landscape that hallmarked last year and will continue to be the major characteristic of this one.
It's because of this fact that analyst firms like Gartner call out as a major technology trend for 2015 more thorough, well-planned data analytics and security initiatives that give organizations' CISOs and their teams actionable security intelligence to battle known and unknown threats. This data, in turn, not only might help prevent attacks – an unlikelier outcome with each passing day, yet the one most executives would prefer – but also aid them in mitigating the impacts of a breach when it most-assuredly does happen. Reducing the time it takes to detect a network infiltration (Sony's attackers apparently got in back in September, according to most reports), should help security teams more effectively and immediately reduce the damage it may cause and more handily implement and adhere to that crisis/business continuity management plan we discuss in our feature pages. More and more, it's becoming about post-breach detection, mitigation and savvier, much more thorough business continuity/disaster recovery.
The complexities of these regularly occurring, media frenzy-inducing cyberattacks likely will grow, impacting companies, private citizens, government agencies and the United States' relations with other nations in ways we've yet to imagine. The imaginable, meantime, reveals that there are areas for most companies to improve upon, lessons to be had from the many organizations victimized so far, and steps and supporting technologies to implement that will enable all the preparations needed to best manage and endure the calamity of the now inescapable breach.