Did you learn anything?
What has the Sony hack taught us? Obviously, securing your network is not for medical practices only! Personally, I am shocked that an entity like SONY would not have an iron clad network. Don’t ask me to define iron clad because at this point, I am wondering if it is even possible. Hackers always seem to stay one step ahead of us. How can we possibly secure all the ePHI that is out there? First off, you have to plan. You have to take a deep, deep look into your network, and come up with a comprehensive security plan. There is much more to do than securing all the entry points.
In Sony’s case, I am truly baffled. They had a folder called “passwords”. Who would do that? At least disguise it! This alone tells me there had no comprehensive security plan. Just because they had a firewall does not mean they had security. How long did it go undetected? I would love to know the “specifics” of this hack. Not because I’m nosy, but to learn.
What has the Sony hack taught us? There is maleware called Destover, and it acts as a backdoor and is capable of wiping drives and the MBR (master boot record). In other words, it can sneak into your system, and completely take it over. Just like that. Folks, there is no such thing as 100% security. Another thing learned, is that email is not really private. If there is something you don’t want anyone to know…don’t email it. When you write an email, just assume anyone can read it. (actually, they can).
What happens next? The FBI has confirmed that is is the North Korean government that is responsible for the attack. Can they prove it? Can they be brought to justice? It is hard enough to trace a cyber attack, yet alone prove it, and convict someone. It is my opinion that most of your time should be spent having your ducks in a row, and trying as best as you can to secure your network. I have said it 100 times, “a network is like a cabin in the woods with the natives trying to get it”.
Protect your network.