3 Major Security Lessons from the Sony Pictures Data Breach

3 Major Security Lessons from the Sony Pictures Data Breach
With the devastating attack on Sony Pictures Entertainment that exposed corporate and personal information, IT security professionals are using the intrusion as a warning for companies to strengthen their data security. The attack on Sony Pictures revealed four unreleased movies online as well as the information of more than 47,000 current and former Sony workers and celebrities, The Wall Street Journal reported.

As the risk of cyberattacks worsens for companies holding sensitive information, firms should consider ways to improve their cybersecurity.

Here are three lessons to take away from the Sony Pictures hack:

1. Be Aware of the Information Stored in Databases

The Journal recommends that companies should have a full understanding of the kind of data that is stored in their systems. This can range from personal to financial data. The most important step is to track this data as it is in the system to be aware of the type of data vulnerable to exposure and attack.

2. Assess Extent of Data Protection Needed

As companies know what kind of data to guard, they will have to determine the tools needed for protection against various attacks. Malware attacks may necessitate scanning or encryption for data like personal information. Cybercriminals could also create customized malware designed to infiltrate systems, making data breach detection and remediation resources crucial in these cases. Knowing the cyber-related risks involved could allow companies to better shape their data protection strategies. 

"As opposed to saying just deploy this new technology or new process, we really will have to think more broadly about whether we have the right strategy or approach," said Greg Bell, global information protection and security lead partner at KPMG, according to the Journal. 

3. Divide Information into Various Servers

With the attack on Sony Pictures, the data may have wiped the information from the company's systems. To avoid cases of data loss, IT security professionals recommend that firms have segmented corporate networks, The Associated Press reported. Segmenting the information could block cybercriminals from gaining access to confidential information and preventing malware from erasing collections of data. 

"It appears that the type of attack that occurred is probably the worst attack for an organization," said Lance Larson, a lecturer in the Homeland Security graduate program at San Diego State University.

Larson said companies need the most recent backups because of the risk that they will lose that data.