Gartner Blog Network


Sympathy for the Sony

by Jay Heiser  |  December 12, 2014  |  1 Comment

Getting attacked by the North Koreans for making a movie that spoofs their sad little country and its tinpot dictator makes Sony the most sympathy worthy attack victim of the millennium.

No shopper is comfortable with the idea that a merchant might have leaked their credit card, but nobody is going to boycott a movie maker because they leaked Sylvester Stallone’s social security number.  On the contrary, the news of this dramatic hack is going to encourage huge attendance for a movie that otherwise doesn’t seem to have the ingredients typical of a cinematic masterpiece.  They couldn’t have invented better PR than this.

The actual source of the attack remains to be seen, but given the glee expressed by the officials from Asia’s answer to Grand Fenwick, for the time being we might as well treat this as a surprising act of technical competence from a place that is generally considered a digital trailer.  Can it be that the mouse that roared can’t take a bad and tasteless joke when it hits close to home?  Fearless Leader fears satire?

In a period of days, Sony has suddenly become the globe’s cybersecurity poster child.  It is morbidly fascinating to see a continuing series of news articles related to the material stolen from Sony, and anyone with any background in Infosec is itching to learn more details about what level of protection effort was in place, and what form of attack managed to so thoroughly comprise such large chunks of their digital enterprise.  However, it is too early to have a definitive opinion on the relative degree to which Sony may or may not have followed best security practices. It is uncertain how many additional negative consequences will accrue as embarrassing internal memos leak. It is premature for any other organization to use the example of Sony as a significant part of their business case for security program improvements.

What do I think?  I’m pretty sure that there will be some important lessons that will come out of the analysis of this incident. I don’t think it represents a new normal in the degree and prevalence of  digital compromise, but only time can establish norms. What I know for certain is that after all this buildup, I’m deadly curious about a flick that otherwise would have been pretty far down my list. I’m going to the theater, and I’m going to cheer for the good guys.

 

 

 

Category: security  

Tags: hacking  north-korea  security  security-incident  sony  

Jay Heiser
Research VP
6 years at Gartner
24 years IT industry

Jay Heiser is a research vice president specializing in the areas of SaaS and public cloud risk and control. Current research areas include SaaS governance, cloud provider transparency and digital business risks.Read Full Bio


Thoughts on Sympathy for the Sony




Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.