Sony breach is a new breed of attack that needs new responses

The big lessons from the Sony breach are that businesses need better planning and to shift security investment away from trying to protect the network from attacks and toward quickly detecting and dealing with breaches, Gartner says.

That means hiring staff to deal specifically with that type of exploit, which Gartner gives a new name: aggressive cybersecurity business disruption attacks.


It also means training employees to use digital media safely, and may require investments in network architecture changes, encryption and tools such as endpoint threat detection and remediation platforms, Gartner says in a new report "Attack on Sony Pictures is a Digital Business Game Changer."

The report says the Sony attack is a wake-up call. Because of the scope of damage this type of attack can wreak, businesses need to update their business continuity plans to pull in expertise beyond IT and security departments to include legal departments, human resources, corporate communications, and public relations. It should also include outside interests such as law enforcement and network service providers.

"Although the frequency of an attack on this scale is low, the attack's disruptive scope on business operations should be examined by CISOs, [chief risk officers] and [business continuity management] leaders to inform future planning and execution," the report says. "Security risk management is not new but it has new urgency."

Gartner expects that businesses jolted by what happened to Sony will be quick to respond. While today no large enterprises have plans for dealing with aggressive cybersecurity business disruption attacks, within three years, 40% will, the report predicts.

Specifically, the report recommends that those plans include expanding current attack-response to include an incident response manager trained to deal with all the parties that come into play when dealing with the aftermath of such attacks.

The analysis of business impact should include not only IT services and business processes but also a social media plan for controlling damage to the organization's reputation, Gartner says.

Gartner strongly recommends against striking back, as retaliation may be both risky and illegal.

As for IT recommendations, businesses should use endpoint threat detection and remediation tools, and acquire the expertise to analyze the data they collect. These systems gather data about the behavior of individual endpoint devices, and in some cases analyze it and take steps to contain damage.

With damage control in mind, networks should be segmented to help contain incursions when they are discovered. This should be done rapidly, with the aim of isolating areas that have been compromised. Deciding whether to cordon off an asset should be based on its value and on the requirements employees have for accessing it. Use of encryption should be increased, Gartner says.
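To make the two preceding recommendations concrete, the following added example (not from the article or the Gartner report) sketches what the analysis side of an endpoint detection tool does with the behavioral data it collects, and how a finding turns into a containment decision for a compromised host. The event format, the two rules (one process deleting many files in a short window, one process fanning out to many hosts over SMB port 445), the thresholds and the "isolate host" action are all assumptions made for illustration; the telemetry is constructed, not real.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (assumed format, not real data).
# Each record: (timestamp, host, process, action, target)
SAMPLE_EVENTS = [
    # ws-101: ordinary user activity, should not trigger anything
    ("2014-11-24T03:00:01", "ws-101", "winword.exe", "file_write", r"C:\Users\a\q4.docx"),
    ("2014-11-24T03:00:09", "ws-101", "outlook.exe", "net_connect", "mail-01:443"),
    # ws-205: one process connecting to six file servers on SMB within seconds
    ("2014-11-24T03:10:00", "ws-205", "svchost.exe", "net_connect", "fs-01:445"),
    ("2014-11-24T03:10:01", "ws-205", "svchost.exe", "net_connect", "fs-02:445"),
    ("2014-11-24T03:10:02", "ws-205", "svchost.exe", "net_connect", "fs-03:445"),
    ("2014-11-24T03:10:03", "ws-205", "svchost.exe", "net_connect", "fs-04:445"),
    ("2014-11-24T03:10:04", "ws-205", "svchost.exe", "net_connect", "fs-05:445"),
    ("2014-11-24T03:10:05", "ws-205", "svchost.exe", "net_connect", "fs-06:445"),
]
# ws-310: one process deleting 30 files in 30 seconds (constructed)
SAMPLE_EVENTS += [
    ("2014-11-24T03:20:%02d" % i, "ws-310", "taskhost.exe", "file_delete",
     r"C:\Data\f%03d.xlsx" % i)
    for i in range(30)
]


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def analyze(events, window=timedelta(seconds=60),
            delete_threshold=20, fanout_threshold=5):
    """Run two illustrative behavior rules over endpoint telemetry.

    Returns one finding per (host, process) that trips a rule, with the
    peak count seen in any sliding window of `window` length. Thresholds
    are assumptions; real tools tune them per environment.
    """
    by_key = defaultdict(list)
    for ts, host, proc, action, target in sorted(events):
        by_key[(host, proc, action)].append((_parse(ts), target))

    findings = []
    for (host, proc, action), recs in by_key.items():
        peak, start = 0, 0
        for end in range(len(recs)):
            # slide the window start forward until it fits within `window`
            while recs[end][0] - recs[start][0] > window:
                start += 1
            in_window = recs[start:end + 1]
            if action == "file_delete":
                peak = max(peak, len(in_window))
            elif action == "net_connect":
                # distinct remote hosts contacted on SMB (port 445) in the window
                smb_hosts = {t.rsplit(":", 1)[0] for _, t in in_window
                             if t.endswith(":445")}
                peak = max(peak, len(smb_hosts))
        if action == "file_delete" and peak >= delete_threshold:
            findings.append({"host": host, "process": proc,
                             "rule": "mass_file_delete", "count": peak})
        elif action == "net_connect" and peak >= fanout_threshold:
            findings.append({"host": host, "process": proc,
                             "rule": "smb_fanout", "count": peak})
    return findings


def isolation_plan(findings):
    """Containment step: the sorted list of hosts to cut off from the network.

    In a real deployment this would drive a network-access or endpoint
    quarantine action; here it only returns the decision.
    """
    return sorted({f["host"] for f in findings})


if __name__ == "__main__":
    found = analyze(SAMPLE_EVENTS)
    for f in found:
        print("%(host)s %(process)s %(rule)s peak=%(count)d" % f)
    print("isolate:", isolation_plan(found))
```

The point of the example is the division of labor the article describes: the tool collects and scores behavior, but a person with the right expertise still has to judge whether a finding is an intrusion or, say, a legitimate backup job that deletes files in bulk, before the isolation step is executed. Thresholds that are too low turn the quarantine action into a self-inflicted outage, which is why Gartner pairs the tooling recommendation with the staff to interpret it.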

Penetration testing should look at IT and non-IT business processes, and should include how vulnerable the organization is to social engineering.

Training employees in safer behavior is a must. "People will not change their behavior unless they have motivation to do so, and organizations must generate that motivation in a positive, consistent and persistent manner." They should be motivated to use digital media safely, and perhaps people-centric security is in order, the report says.

"The rise of ubiquitously connected devices and the Internet of Things has expanded the attack surface, and commands increased attention, larger budgets and deeper scrutiny by management," the Gartner report says. "Security is not a technical problem, handled by technical people, buried somewhere in the IT department. ... Risk-based decision making requires improvements in non-IT executive communication and engagement."


Stories by Tim Greene
