Massive cyber-attack: what businesses can learn from major data breaches

Probing hackers are becoming an increasing danger

The cyber-attack on Sony Pictures' infrastructure last November brought into sharp relief the fact that everyone can fall victim to such attacks and that they are not going to go away.

Such was the scale of the attack that Sony is still picking up the pieces, and many of its systems remain offline as security professionals seek to repair the damage caused by the affair. The hack led to embarrassing emails being released and a number of movies being leaked to file-sharing sites. The finger of blame initially pointed to North Korea, said to be furious over the portrayal of its leader Kim Jong Un in the movie The Interview. Hard drives were also wiped and Sony's network was out of commission for more than a week.

In the light of this and other breaches over the past twelve months, how can we protect our infrastructure from such transgressions?

Entry point

Although no one seems to have publicly stated how the Sony attack happened, according to Barry Scott, Chief Technology Officer EMEA at Centrify, attackers initially look for a way into networks.

"Often through a phishing attack installing malware on an unsuspecting user's machine, and after gaining access they expect to have to jump from one system to another, increasing knowledge of the network as they go, until they hit gold," he says. "The goal is to find administrative credentials – without admin rights they are limited as to what they can do."

Visibility into an enterprise's internal network communications, and an understanding of how that traffic behaves, is an often overlooked element of information security, especially when organisations have invested significantly in modern border defences.

But in an era when even printers can be compromised and used as a pivot point to attack other systems, internal insight into what is genuinely happening is vital, according to David Palmer, Director of Technology at Darktrace.

"The complexity of large organisations can be managed by using machine learning and abnormality detection to direct the attention of defenders onto the incidents that most need investigating," he says.

GFI Software's General Manager, Sergio Galindo, says that organisations need to be aware of what is going on inside their own office and network. "By looking at network traffic – not only during office hours, but outside of office hours too – businesses can identify unusual traffic patterns that potentially give up a hacker," he says.

"What we saw with the likes of Sony and JP Morgan was that hackers were able to sit on the network for months, steadily gathering and transferring large quantities of information out of the organisation without anyone noticing," he adds.
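The following is an added example, not code from the article or from any vendor quoted in it. It shows one way to look for the pattern Galindo describes: internal hosts that send out far more data outside office hours than their peers do. The office-hours window, the peer comparison by median absolute deviation, the thresholds, the host names and the flow records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

OFFICE_START, OFFICE_END = 8, 18  # assumed office hours (local time, Mon-Fri)

def is_off_hours(ts):
    """True for weekends and for weekday times outside the office window."""
    return ts.weekday() >= 5 or not (OFFICE_START <= ts.hour < OFFICE_END)

def off_hours_totals(flows):
    """Sum outbound bytes per internal host for flows outside office hours."""
    totals = defaultdict(int)
    for ts, host, bytes_out in flows:
        # Adding 0 keeps quiet hosts in the peer group with a total of zero.
        totals[host] += bytes_out if is_off_hours(ts) else 0
    return dict(totals)

def flag_hosts(flows, k=5.0, floor=50_000_000):
    """Flag hosts whose off-hours egress exceeds the peer median by k robust
    deviations (MAD) and also exceeds an absolute floor in bytes."""
    totals = off_hours_totals(flows)
    med = median(totals.values())
    mad = median(abs(v - med) for v in totals.values()) or 1
    limit = max(med + k * mad, floor)
    return sorted(h for h, v in totals.items() if v > limit)

def sample_flows():
    """Constructed sample: one working week of (timestamp, host, bytes_out)."""
    flows = []
    monday = datetime(2015, 1, 5)  # constructed date, a Monday
    for day in range(5):
        d = monday + timedelta(days=day)
        for i, host in enumerate(["ws-01", "ws-02", "ws-03", "ws-04"]):
            flows.append((d.replace(hour=11), host, 200_000_000 + i * 10_000_000))
            flows.append((d.replace(hour=21), host, 4_000_000 + i * 1_000_000))
        # A printer that is quiet by day but sends 300 MB out at 02:00 each night.
        flows.append((d.replace(hour=10), "prn-01", 1_000_000))
        flows.append((d.replace(hour=2), "prn-01", 300_000_000))
    return flows

if __name__ == "__main__":
    print(flag_hosts(sample_flows()))
```

Comparing hosts against their peers rather than against their own history matters for the slow, months-long transfers described above, because a host that leaks steadily every night looks normal when measured only against itself.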
