The Sony breach may be start of new nation-state cyberattack

It has been an exceptional year for IT security breaches and part of an escalating trend in destructive attacks, and it's going to get worse.

It has been an exceptional year for IT security breaches, which have become part of an escalating trend in destructive attacks. And they're going to get worse.

The Sony Pictures cyber attackers are doing everything they can to inflict damage on the company. They have released films, emails, medical records, and all sorts of confidential data, and are making threats of physical attacks in conjunction with the release of The Interview, a comedy about the attempted assassination of the North Korean president. On Wednesday, Sony canceled the Dec. 25 release of the movie after theater chains said they would not show the film because of the threats.

The Sony breach has the earmarks of a nation-state operation because of its sophistication and ruthlessness, and on Wednesday, U.S security officials told the New York Times  they had concluded that North Korea was behind the Sony cyberattacks.

There is also serious speculation that the October attack on JP Morgan Chase, which compromised some 76 million records, was also orchestrated by a nation-state -- possibly a retaliatory move by Russia over Ukraine sanctions. In 2013, the Iranians were blamed for denial-of-service attacks on U.S. banks.

The sources of the JP Morgan and Sony attacks have not been officially confirmed, but Avivah Litan, a security analyst at Gartner, is convinced that what we are seeing is a new type of nation-state attack.

For years, the Eastern Europeans and Russians have been going after point-of-sale systems and credit card processors, and the Chinese have been involved in espionage against private sector firms, Litan said.

"But the big new thing is the nation states," she said. Russia, North Korea and China "are going after private sector companies in a very public way."

Litan said this trend of nation-state attacks will escalate.

"More political differences will be fought in cyberspace, and nation-states will retaliate against U.S. companies to make political points," Litan said.

"Private sector companies are not equipped to deal with the force of the nation states," she said. "They don't have the resources to fight them off. It's a national security issue, and there needs to be a national strategy to try to stop it. "It's really pretty serious," she said.

Litan described what's going on as warfare, and if that's the case, there's evidence that businesses are trying to put their IT security on a war footing.

For example, jobs in cybersecurity are growing. Dice, a technology employment site, said ads for jobs in cybersecurity were the fastest growing in the IT field this month. Compared with December of last year, cybersecurity job ads have increased 77%, from 1,606 to 2,842 as of Dec. 14.

"You can't escape hearing about security breaches in the news today, which is one reason businesses are adding security professionals to their hiring needs for 2015," said Shravan Goli, president of Dice.

In its ongoing surveys, Robert Half Technology, a human resources consulting and staffing firm, asked 2,400 CIOs about the area where they face the most challenge in hiring. In June, security ranked third at 12%, behind applications development and networking, which were both at 17%. But when surveyed again in October, security moved to second place at 15%.

"There is no doubt that IT security has been a rising priority just over the past year and will continue to be a high priority in 2015," said John Longwell, research director of Computer Economics. In 2012, the IT security professional made up about 2% of the typical IT staff. Today, it is about 2.4%, he said.

But Charles Kolodgy, an analyst at IDC, said there is no singular event driving security spending increases.

"The overall threat environment continues to grow, but part of that threat growth is predicated on the growth of IT in general," Kolodgy said. Frances Karamouzis, an analyst at Gartner who covers IT services, said that spending on security-related IT services is jumping dramatically. "I would say it's increased over 100% if not more," she said.

Outside services are also expensive, especially when 24/7 coverage is required, and it won't replace the need for companies to hire their own security personnel, Karamouzis said.

Some see the end of 2014 as a preamble to 2015.

The real damage to companies from these big data breaches may arise from the subsequent legal actions.

Steve Hultquist, chief evangelist for RedSeal, a security analytics company, is predicting that cyberattacks next year will create a "security situation that destroys a midsize or large organization."

By "destroy," RedSeal officials mean it could come in the form of negligence damages, which could be truly huge.

Vijay Basani, CEO of EiQ Networks, which provides security intelligence and compliance services, expects to see next year an increasing number of attacks that go beyond simply stealing information.

"We will see additional Sony-like attacks where perpetrators will cause significant business disruption," Basani said. "This will be the result of intruders erasing highly sensitive data, making networks and systems inaccessible, as well as creating fear in employees by threatening to leak personal data."

Join the CSO newsletter!

Error: Please check your email address.

Tags new york timesdata securitysecuritySony Picturessonydata protection

More about 24/7DiceGartnerJP MorganMorganRobert HalfSonyTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Patrick Thibodeau

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place