Physical Security Attack on Sony Pictures
Sony Pictures is one of the American entertainment company, which was founded on December 21st, 1987. At first it was called as Columbia Pictures Entertainment Inc., later in August 7th 1991, it was named as Sony Pictures Entertainment Inc., also known as Sony Pictures.
Sony Pictures suffered its first breach in 2011, where one million user accounts were hacked. But the hack happened on November 2014, included 100 terabytes of data being stolen and it effected the company a lot.
A group of hackers who call them as Guardians of Peace (GOP) hacked the company’s network by attacking their systems/computers. One the same week of this attack, five movies of Sony Pictures were leaked along with some confidential
…show more content…
Ways to Improve Organization’s Physical Security
Sony Pictures must pay attention to the physical security to prevent breaches in the future. GOP already mentioned that they were able to enter the organizations building because of open doors. The concept of open doors must be stopped. There should be a tight security maintained at the building entrance. All employees and visitors are required to use access cards or badges to enter into the building. Access given to a particular person should be based on the role he/she is performing in the company. This will limit people going to unauthorized areas.
Another important thing is always to maintain a separate security team. Security team can be either physical or data oriented. Physical security team will monitor all the surveillances and check the perimeters of the building to prevent authorized people entering into the building and data security team will check the company’s log files frequently to see if there is any unauthorized activity happened.
Finally the company should update the employees with the security policies and procedures to prevent the attacks.
Sony Corporation is a Japanese owned company, created in 1946 based in Tokyo, Japan. The company competes in the technology market with diversity. This includes video games, computers and computer hardware, television, media players, etc. With that being said, Sony has had their ups and downs over the past few years, just like everyone else in this industry. Things such as the U.S. economy can really affect the future of this company. Now that the economy is on the downfall, things such as entertainment are not as important as paying for food, gas, and other bills. It is important to realize these things as you analyze the company due to the fact that the company
Sony has multiple networks, but the PlayStation Network has over 77 million users. In April 2011, Sony characterized a security breach as an “illegal and unauthorized intrusion” of the Sony networks. In fact, there was a series of breaches by different groups of hackers. The information provided by registered users, including usernames, passwords, names, and addresses, was compromised. In addition, the credit card information of users who make online purchases may have been compromised. Sony did not announce this information until a week after the last breech. The network was shut down after the last of the breaches.
Physical security is implemented via a locked door policy that is set with swipe card access. The company has security cameras set up in the front entry hallway to record entry and exit of all personnel. The server room floor is raised with cable management fed through easy access panels. The server room is locked at all times, with access is via swipe card only. There are foam sprinklers throughout the roof system to protect against fire. Racks are locked up to ensure no items can be manipulated without appropriate personnel present. Studio and production labs also have swipe card access to protect equipment.
Workers who are not prepared in security best practices and have feeble passwords, visit unapproved sites and/or click on connections in suspicious messages or open email connections represent a tremendous security danger to their bosses' frameworks and information. Answer for this issue is, train representatives on digital security best practices and offer continuous backing. A few representatives may not know how to ensure themselves on the web, which can put your business information at danger. It is crucial to hold instructional courses to help workers figure out how to oversee passwords and abstain from hacking through criminal movement like phishing and keylogger tricks. At that point give continuous backing to verify workers have the assets they require. Additionally verify workers use solid passwords on all gadgets. Information burglary is at high helplessness when representatives are utilizing cell phones (especially their
What type of attack was launched on Sony? The assault on Sony network is believed to have been started with a simple spear phishing attack. This phishing attack allow the hacker group ‘Guardian of peace’ to gain access to the network by stealing network credentials. More than likely the simple phishing cause an un-trained employee to give up their network credentials with out a fight. “Analysis conducted by AlienVault revealed that the source code was specifically designed to target the Sony Pictures. The source code examined by Alien Vault used a simple login and password to gain access to Sony Pictures corporate network”( ). Experts believe that the hacker recycle a previous found code from all ready pre-existing malware, specialist had a look at the code and uncovered that this preexisting code was modified/written and send out by Korean speaking hackers.
For asset protection from internal theft, the store uses cameras and internal staff to monitor other staff to address this. Internal to external exists including ones in other parts of the building which are staff access only are also alarmed to prevent and deter internal theft.
What do Premara Blue Cross, Anthem, Chick-fil-A, Sony, USPS, MCX, Staples, Kmart, Dairy Queen, SuperValue, Jimmie John's, Viator, Home Depot, PF Chang's, Community Health Systems, and JP Morgan all have in common? Each of these companies were hacked during 2014-2015. Sadly, this is just a short list showing the breadth of industries and size of operations that are vulnerable. According to Time Magazine in March, 2015, "You're not just imagining it: Lately, a new data breach has been reported almost every week."
In June of 2015, the Office of Personnel Management found out that it was being hacked. The hack had been going on for several months before authorities realized it. It was one of the largest security breaches in United States history.
Piggybacking and tailgating theft are ways that criminals try to gain entry to a facility. The only option to protect the company from this is to use methods of access security. This could be door key code locks or badges. This will ensure that only authorized individuals will gain access. To ensure maximum security would be adding a biometric feature along with a code or badge. A thumbprint scan would be very easy to collect from employees and authenticate once scanned. Before entering the facility, an employee would have to scan a badge as well as placing their thumb on a
Physical security will involve the company securing its assets by devices such as alarm system for off hour use, and identification cards for employees. A process should be in place to make sure that guests are properly identified before gaining assess to the facility. Users cannot take computer home unless they are protected by encryption software. Downloading proprietary information onto floppies, CD, thumb/flash/memory drives and other portable media should be disallowed unless such transactions are pre-approved and proper security measures are taken.
This case study, written in 2009 is not the only case where a major data breach has occurred within organizations. In the late 2011 Sony’s PlayStation Network (PSN) was breached impacting up to 77 million user’s accounts including data on names, address and possibly credit card details. In late 2013 Target had a cyber-attack that compromised a large quantity of its data and had 110 million accounts compromised. Finally in September 2014 Apple had their iCloud server breached by hacking that compromised all the users of the online server. These occurrences still have some unanswered questions and several experts have yet to decipher the actual reason as to why the security breach occurred.
“Security programs are aimed at creating an appreciation and understanding of the Security Department’s objectives as they relate to the specific industry they serve” (Sennewald, 2013). Businesses come in all different sizes, some big some small. Businesses need a plan to ensure assets, personnel, and facilities are protected and this plan must be actively in place. Security programs provide businesses with the framework needed to keep a business or company at the security level needed to operate. This can be done in numerous ways. Assessing the risks involved, lessening the gravity of those risks, and keeping the security program and the security practices updated are just to name a few. In this core assessment paper, I will identify an actual organizational security program, conduct
In April of 2011, Sony had a major breach in its video gaming online network. Countless amounts of customer data were stolen, including personal information such as where they lived, who they were, and possibly even their credit card information. This attack happened to about seventy seven million Sony accounts (Cunningham). Cyber or Internet threats have been both increasing and been getting more and more sophisticated. In 2011, Saudi Arabia and Israel had been getting back at each other with personal information. Hackers from both countries gained financial and personal information about the other countries’ citizens and published it. A 19-year-old Saudi Arabian posted the financial information of six thousand Israelis. For revenge, Israeli hackers secretly gained credit card numbers and financial details from thousands of Saudi Arabians
Many types of security are in existents today, site or mobile patrol; loss prevention functions; special events security; in-house security functions and private investigations are some of the tasks. Choosing the right one for the needs of any establishment should be one of the ultimate goals of the business. This paper will focus on proprietary and contract security in particular. A comparison of the two types of security will be addressed. Identifying some of the issues in either type of security is of great importance as well as understanding the various roles of security personnel. After briefly recognizing some
Security plays a major role in both the business and government worlds. We will discuss the legal aspects of organizational security management. Discuss both the positive and negative influences regarding organizational security. We will also be discussing what consequences will both business and government operations have to overcome if they fail to achieve security goals and objectives. The value private security management brings to businesses will also be discussed.