Most people these days, when they hear the words “cyber attack,” think of data breaches with legions of unknown hackers breaking into the computer systems of big retail chains to obtain customer credit card information. Recently, however, we learned that hackers aren’t just targeting the stores we shop at. They’re now going after the Hollywood film studios that produce the movies millions of people flock to during the holiday season.
Last month, a group known as “Guardians of Peace” hacked and disabled the computer systems at Sony Pictures. The attackers leaked several of the studio’s upcoming movies, as well as employee salaries, healthcare records, and Social Security numbers. The attack may have come from North Korea in retaliation for a new movie called The Interview, which pokes fun at the country’s leader. I hope the movie is funny, because what has happened since the attack is definitely not.
According to the Wall Street Journal, morale at the studio is down. Employees have learned what their colleagues and bosses are paid. They’ve been forced to find ways to do their work without the benefit of their computer systems. They’re afraid of what additional information about them and their colleagues could end up online. (If you’re wondering what a cyber extortion attempt looks like, just look at what’s appeared on the screens of hijacked computers.) And just late last week, Sony employees started receiving threatening emails from the hackers. And if that wasn’t bad enough, today we learned that attackers have once again hacked into the Sony Playstation system and stolen more customer information.
To me, though, what’s most frightening is what could be on the horizon. Is this just the beginning of a cyber war? If so, what companies will be the next targets? How will the attacks affect their operations — and their employees’ privacy?
No one can answer those questions with certainty, but one thing is for sure: Cyber attacks are real, and we all need to be careful how we engage with the online world. My advice: Use passwords that are hard to guess. Don’t open or click through suspicious emails. And perhaps most important, don’t make any videos that make fun of North Korea.
If you want to enter the cyber insurance market or learn about any of ISO’s various cyber insurance product offerings, visit the ISO Cyber Risk Solutions website, www.verisk.com/cyber, or email me at sdougherty@iso.com. You can also follow me on Twitter @doughertyshawn.