What CEOs Can Learn From the Sony Cyberattack

All companies—not just big, public firms—are vulnerable to security breaches. Fortunately, there are measures CEOs can take to mitigate risk.

Systems Safeguards

1. Weak cyber security:

• A hacking ‘industry’ exists—largely offshore with smart hackers and sophisticated computers that continually “ping” thousands of networks, day and night, with random and “continuous-learning” codes to unearth security holes. Called Advanced Persistent Threats (APT), sometimes the loot is used directly by the scanning party, but often it’s sold to other parties with a malicious interest in the victim. The scanners could be individuals or maybe even a nation-state that can afford sophisticated “pinging” equipment and staff. One can reduce the risk of this type of penetration with superior network-monitoring tools and a skilled staff.

“Hackers exploit security holes in web and customer portals, thereby gaining access to company computers.”

• Once planted, malware may go active immediately or sit dormant until activated. Sophisticated, up-to-date malware-detection software must be constantly run to sniff out the offending code and remove it. To the extent possible, applications should be discrete to contain damage and well-thought-out procedures must be in place to contain damage if and when malware goes active.

2. Vulnerable web and customer portals. Hackers exploit security holes in web and customer portals, thereby gaining access to company computers. Robust firewalls, sophisticated network security software, discrete applications and skilled staff are necessary.

3. Insecure mobile and teleworking access. Personnel must use secure Wi-Fi channels when communicating with company computers. Otherwise, hackers can sit nearby and piggyback on unsecure Wi-Fi channels to gain access to the logged-on devices and computers.

Often, successful penetrations are the results of not just one but two or more techniques. In addition, the actual data theft or disruption may take place days or weeks after the initial penetration and may continue undetected for some time. At Target, the data on 80 million credit cards was slowly copied over three weeks from production Target computers and staged in Target backup computers.

It was subsequently transmitted undetected, in big batches at odd hours to offshore entities from Target’s backup computers. At Sony, the hackers used Sony’s PlayStation servers to distribute their loot. The JPMorgan data theft occurred slowly over three to four months in order to avoid detection. Security breaches are now a way of life and are potentially very damaging. It’s not “if” you’ll get hit but “when” and “how badly.”


MORE LIKE THIS

  • Get the CEO Briefing

    Sign up today to get weekly access to the latest issues affecting CEOs in every industry
  • upcoming events

    Roundtable

    Strategic Planning Workshop

    1:00 - 5:00 pm

    Over 70% of Executives Surveyed Agree: Many Strategic Planning Efforts Lack Systematic Approach Tips for Enhancing Your Strategic Planning Process

    Executives expressed frustration with their current strategic planning process. Issues include:

    1. Lack of systematic approach (70%)
    2. Laundry lists without prioritization (68%)
    3. Decisions based on personalities rather than facts and information (65%)

     

    Steve Rutan and Denise Harrison have put together an afternoon workshop that will provide the tools you need to address these concerns.  They have worked with hundreds of executives to develop a systematic approach that will enable your team to make better decisions during strategic planning.  Steve and Denise will walk you through exercises for prioritizing your lists and steps that will reset and reinvigorate your process.  This will be a hands-on workshop that will enable you to think about your business as you use the tools that are being presented.  If you are ready for a Strategic Planning tune-up, select this workshop in your registration form.  The additional fee of $695 will be added to your total.

    To sign up, select this option in your registration form. Additional fee of $695 will be added to your total.

    New York, NY: ​​​Chief Executive's Corporate Citizenship Awards 2017

    Women in Leadership Seminar and Peer Discussion

    2:00 - 5:00 pm

    Female leaders face the same issues all leaders do, but they often face additional challenges too. In this peer session, we will facilitate a discussion of best practices and how to overcome common barriers to help women leaders be more effective within and outside their organizations. 

    Limited space available.

    To sign up, select this option in your registration form. Additional fee of $495 will be added to your total.

    Golf Outing

    10:30 - 5:00 pm
    General’s Retreat at Hermitage Golf Course
    Sponsored by UBS

    General’s Retreat, built in 1986 with architect Gary Roger Baird, has been voted the “Best Golf Course in Nashville” and is a “must play” when visiting the Nashville, Tennessee area. With the beautiful setting along the Cumberland River, golfers of all capabilities will thoroughly enjoy the golf, scenery and hospitality.

    The golf outing fee includes transportation to and from the hotel, greens/cart fees, use of practice facilities, and boxed lunch. The bus will leave the hotel at 10:30 am for a noon shotgun start and return to the hotel after the cocktail reception following the completion of the round.

    To sign up, select this option in your registration form. Additional fee of $295 will be added to your total.