What CEOs Can Learn From the Sony Cyberattack

All companies—not just big, public firms—are vulnerable to security breaches. Fortunately, there are measures CEOs can take to mitigate risk.

CybersecurityA closer look at what happened to Sony suggests that the nature of the recent cyber breach was more serious than first thought. As the story continues to unfold, we may find out that the North Koreans are not the true hackers. However, regardless of the origin of the perpetrators, it is clear that the incident should serve as a wake-up call for board members and CEOs.

In a recent attempt to survey 580 CEOs about security, we received a response rate of less than 1 percent. Today, thanks to the impact of Sony’s cyber attack, we believe that number would be much higher.

While Sony’s breach spawned the broadcast of an embarrassing amount of sensitive data, it also shut down the company’s computers and put the company in limbo for several days. Sony tried to continue with manual systems but simply couldn’t keep up. Even worse, it was unable to pay actors, suppliers and employees. Sony had to suspend operations until the company could rebuild the computer systems and networks.

“While one cannot address all security risks, there are things CEOs can do to mitigate the risk of a breach.”

Known as “Destover,” this class of malicious software (“malware”) is dangerous because it disrupts computer and company operations by first copying data and then erasing the “Master Boot Record,” disabling the computer storage. Similar disruptions occurred in 2012 at Saudi Aramco, where 30,000 terminals were shut down by the Shamoon virus, and in Iran in 2009, where the Stuxnet worm destroyed a thousand centrifuges.

To create further damage, the hackers posted online several unreleased films that undoubtedly cost millions in production expenses. Plus, they exposed thousands of sensitive and embarrassing emails, movie scripts, HR data, salaries, legal reports, passwords and the personal information of hundreds of employees and actors.

The Sony experience comes on the heels of a recent breach at JPMorgan. In June 2014, hackers stole an employee’s password and deposited malware on the company’s servers. Over several months, they eluded the company’s sophisticated alarms by extracting a huge amount of data very slowly.

While one cannot address all security risks, there are things CEOs can do to mitigate the risk of a breach. The answer lies in analyzing all areas of vulnerability and consciously deciding what to protect—and to what degree.

Cyberattacks come from hackers who breach company firewalls and security systems, stealing data and/or disabling the computers. Some believe that hackers are stopped by robust firewalls and sophisticated detection software, but that is only a part of the solution. Hackers gain easy access through three pathways—people, processes and systems.


MORE LIKE THIS

  • Get the CEO Briefing

    Sign up today to get weekly access to the latest issues affecting CEOs in every industry
  • upcoming events

    Roundtable

    Strategic Planning Workshop

    1:00 - 5:00 pm

    Over 70% of Executives Surveyed Agree: Many Strategic Planning Efforts Lack Systematic Approach Tips for Enhancing Your Strategic Planning Process

    Executives expressed frustration with their current strategic planning process. Issues include:

    1. Lack of systematic approach (70%)
    2. Laundry lists without prioritization (68%)
    3. Decisions based on personalities rather than facts and information (65%)

     

    Steve Rutan and Denise Harrison have put together an afternoon workshop that will provide the tools you need to address these concerns.  They have worked with hundreds of executives to develop a systematic approach that will enable your team to make better decisions during strategic planning.  Steve and Denise will walk you through exercises for prioritizing your lists and steps that will reset and reinvigorate your process.  This will be a hands-on workshop that will enable you to think about your business as you use the tools that are being presented.  If you are ready for a Strategic Planning tune-up, select this workshop in your registration form.  The additional fee of $695 will be added to your total.

    To sign up, select this option in your registration form. Additional fee of $695 will be added to your total.

    New York, NY: ​​​Chief Executive's Corporate Citizenship Awards 2017

    Women in Leadership Seminar and Peer Discussion

    2:00 - 5:00 pm

    Female leaders face the same issues all leaders do, but they often face additional challenges too. In this peer session, we will facilitate a discussion of best practices and how to overcome common barriers to help women leaders be more effective within and outside their organizations. 

    Limited space available.

    To sign up, select this option in your registration form. Additional fee of $495 will be added to your total.

    Golf Outing

    10:30 - 5:00 pm
    General’s Retreat at Hermitage Golf Course
    Sponsored by UBS

    General’s Retreat, built in 1986 with architect Gary Roger Baird, has been voted the “Best Golf Course in Nashville” and is a “must play” when visiting the Nashville, Tennessee area. With the beautiful setting along the Cumberland River, golfers of all capabilities will thoroughly enjoy the golf, scenery and hospitality.

    The golf outing fee includes transportation to and from the hotel, greens/cart fees, use of practice facilities, and boxed lunch. The bus will leave the hotel at 10:30 am for a noon shotgun start and return to the hotel after the cocktail reception following the completion of the round.

    To sign up, select this option in your registration form. Additional fee of $295 will be added to your total.