In a plot twist that is normally seen on the big screen, the culprit behind the Sony Pictures Entertainment attack may not have been just North Korea, as previously thought. At the end of 2014, Sony Pictures suffered a major data breach that not only revealed employee information but also confidential business data that could affect future films and its standing in the movie industry. Now cybersecurity experts are investigating the possibility that one or more former employees of Sony Pictures perpetuated the breach.
The impact of the breach is widespread, as media outlets and Sony Pictures employees have criticized the high-profile firm.
The company has to contend with former employees threatening legal action against the firm for not protecting their sensitive information, Reuters reported.
"An epic nightmare, much better suited to a cinematic thriller than to real life, is unfolding in slow motion for Sony Pictures' current and former employees," the lawsuit said, according to Reuters.
IT security firm Norse Cooperation said the breach that exposed the information of thousands of current and former Sony Picture's workers could have been caused by an ex-employee who has insider knowledge of the ins and outs of its computer systems rather than hackers located in North Korea, SC Magazine reported.
Mark Rasch, a former federal prosecutor, said he had doubts about the source of the Sony Picture's data breach, according to the Norse Corporation blog.
"It has always been suspicious that it was North Korea," Rasch said. "Not impossible - but doubtful…It made a lot more sense that it was insiders pretending to be North Korea."
Tips to Better Detect Employee-Driven Breaches
With the risk of insider data breaches, companies should take security precautions to avoid attacks from within:
1. Identity Potential Insider Threats
There are several profiles insider threats may fit into, but the crucial part is pinpointing possible employees in the organization who may pose a risk before data breaches happen. Companies should consider monitoring employees, with special attention to workers who are at the bottom of the rung, to collect intelligence about possible threats, according to Tripwire.
2. Prioritize Information Security
Insiders may be more likely to target the company's most important information, which makes it necessary for firms to guard this information above all else, according to Information Week.
3. Notify IT Teams of Terminations
Some employees may be insider threats if they still continue to have access to systems even after they have left the company. Companies should alert IT teams and request that they modify terminated employees' permissions.