Threat Lessons from Sony and Anthem

The cyberattack on Sony Pictures entertainment left plenty of roiled waters in its aftermath: lawsuits from employees whose personal information was leaked; apologies to President Obama and other subjects of hasty emails; US sanctions against North Korea and a war of words back and forth; and the irony of Sony turning to the entity most identified in those emails as a threat to its content distribution model, Google, to distribute “The Interview.”

The Anthem hack exposed a record number of customers. Such a large-scale attack on health records rather than payments, as in the comparable Target attack, raises questions as to just what information the hackers were seeking.

Now come reports of ISIS attacks on US websites. The hacker reportedly placed the black ISIS flag on the websites of several American businesses including a zoo in California and cocktail bar in Massachusetts, seemingly trolling the Internet for vulnerable, albeit lower-profile, targets. Even today it’s not possible to assess the full extent of the damage. But there is widespread agreement that, taken together, these kinds of hacks are unprecedented. Here are some lessons.

There have been highly disruptive attacks before (on Saudi Aramco in 2012), political stunts (LulzSec), and ones that have inflicted high costs (Target, for one prominent example). Although the FBI described the sophistication of the Sony attack as “extremely high,” some cybersecurity experts say otherwise. But what is clearly new about these recent attacks are their wholesale breadth and brazenness.

Sony reportedly hardened its systems after the 2011 PlayStation Network breach caused it to lose information from 77 million user accounts. But hardening systems has focused on firewalls to keep threats out, constantly updating to keep abreast of changing threat signatures. The trouble with this focus is that it does not stay ahead of new threats.

Increasingly, cybersecurity is focusing on detection and resiliency for inevitable penetration of firewalls. The MIT Media Lab, for example, hardly uses any firewalls so it can enable its users to collaborate widely and launch websites without needing permissions. Security relies instead on monitoring systems thoroughly in order to establish a baseline, identifying anomalies such as a computer moving unusual volumes of data or communicating with suspect IP addresses, and responding rapidly when unusual behavior is observed by taking affected computers off the network.

Would measures like these have prevented the Sony or Anthem hacks? One would expect that monitoring could detect unusual access to or transmission of gigabytes of unreleased films or mass email accounts and set off some alarms.
The government would not issue sanctions against North Korea without a high level of confidence in the attribution of the Sony attack. Even so, some analysts insist it was an inside job.

A reason to suspect insider involvement is the breadth and scale of what was stolen. After all the best publicised thefts of information were accomplished by insiders; like Chelsea Manning and Edward Snowden. Snowden was able to take so much and make such broad statements about what he could learn about people because he had extraordinary access as a system administrator.

In the wake of the Snowden revelations, the NSA took steps to limit how much access a single systems administrator can have. The Sony attack is a reminder that other organizations need to do the same. 

Techcrunch:

« A Simple Guide to GCHQ's Hacking Powers
IT Governance Cyber Security Phishing Awareness Course »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

TWNCERT

TWNCERT

TWNCERT is the National Computer Emergency Response Team of Taiwan.

Datto

Datto

Datto delivers a single toolbox of easy to use products and services designed specifically for managed service providers and the businesses they serve.

Adlink Technology

Adlink Technology

ADLINK is a leading provider of embedded computing products and services for applications including IoT and industrial automation.

Appdome

Appdome

Appdome is the industry's first mobile integration as a service company, providing solutions for enterprise mobility and mobile application security.

Seric Systems

Seric Systems

Seric is a technology business specialising in security, infrastructure and data management.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

AXA XL

AXA XL

AXA XL is the P&C and Specialty Risk Division of AXA. Professional insurance products include Cyber Insurance.

Digital Law

Digital Law

Digital Law is the only UK law firm to specialise solely in online, data and cyber law.

R-Tech

R-Tech

R-Tech GmbH manages the digital start-up initiative, whose goal is to build a sustainable start-up culture in the field of digitization throughout the Upper Palatinate district of Bavaria.

StickmanCyber

StickmanCyber

At StickmanCyber we are on a mission to create a digital world that is safe for everyone - we are your trusted cybersecurity partner.

Xiarch Solutions

Xiarch Solutions

Xiarch Security is an global security firm that educates clients, identifies security risks, informs intelligent business decisions, and enables you to reduce your attack surface.

LockMagic

LockMagic

Lockmagic is an information asset management solution to protect, track, audit and control accesses to sensitive information inside and outside your organization.

Merlin Ventures

Merlin Ventures

Merlin Ventures is a strategic investor focused on driving growth and value for cybersecurity software companies with market-leading potential.

Blackmere Consulting

Blackmere Consulting

Blackmere Consulting is a Nationwide Technical and Executive Recruiting firm dedicated to Cyber Security and Information Technology.

Airbus Protect

Airbus Protect

Airbus Protect is an Airbus subsidiary bringing together the Company’s expertise in cybersecurity, safety and sustainability-related services.

ITUS Secure Technologies

ITUS Secure Technologies

ITUS offer fully outsourced cybersecurity solutions working with leading security vendors, providing next-gen solutions.