Ira Winkler and Araceli Treu Gomes

In threat assessment, the ‘who’ matters

Knowing who could come after you helps you prepare the appropriate defenses and response

We’re a bit perplexed by the attention being given to the hack of Sony Pictures. It’s not that the hack doesn’t deserve attention; it was potentially devastating from a business and operations standpoint, and companies that are hacked should not try to bottle up that information.

What is perplexing is that so much of the attention has centered on the question of whether or not North Korea was behind the attack. This storyline seems to have arisen from the fact that the studio has an upcoming Christmas release, The Interview, in which two journalists who have snagged an interview with Kim Jong Un are recruited by the CIA to assassinate the North Korean leader. North Korean involvement isn’t impossible, but it is highly unlikely. Giving it credence is counterproductive, because who is behind any particular hack — and who is likely to attack your enterprise — is of utmost importance.

Here’s why North Korea is an unlikely culprit. The damage done by a North Korean attack would be different, because of what that nation would want to accomplish by attacking Sony Pictures. It would likely want to impose maximum damage, while potentially extorting the studio into agreeing not to release the film.

What was actually done, however, fits the profile of a hacktivist group: complete destruction of systems, and embarrassment of the targeted organization.

And, indeed, a hacktivist group, calling itself #GOP, has taken credit for the attack. So what is really worth knowing in this affair, rather than pretty much baseless speculation about North Korea’s role in it, is any and all information about this previously unknown group. This is especially true because #GOP has threatened to target other organizations, including law enforcement agencies. Therefore, organizations interested in protecting themselves need to learn as much as possible about this group, determine its attack strategies and the type of malware it uses. Gathering that kind of information will allow organizations to recognize when they are under attack by #GOP or have been successfully infiltrated by it.

That kind of knowledge is key in building defenses. Anytime an organization believes that it has been compromised, the ability to figure out who is behind the attack is essential. When you know the who, you know which countermeasures are likely to be effective, you know what type of data is being sought, and you know how to begin to mitigate any damage due to information leakage and/or destruction.
