During spring 2013, I wrote an article about will your IT drag you down?, but I didn't mention how lack of basic IT-security could impact a large company.
A few weeks ago, the first of several articles from the data breach at Sony Pictures were published and the story continues day by day. The question may now be if Sony Pictures will survive as a company or not.
So what happend? As far as we know, several thousands of servers were compromised and all their content was taken. With all, I mean everything from unreleased movies to HR-related documents, internal marketing material and security certificates.
First of all, this was not a cloud breach. All attacked servers were hosted internally, but the security measures were not, according to rumors, up to normal standards.
They [Sony Pictures] don't know in what degree their systems are hacked, neither when it started. Some says it happened last winter, nearly a year ago. The consequence of this is that they have to scrap all their existing IT-plattforms and applications in order to avoid any implementera back-doors. Re-install everything from scratch and migrate all data is a daunting task.
Then we have the legal side with SOX and other regulatorns that may been violated and that could result in costly law-suites.
Third, without IT is it very hard to run your business. Is it possible to run movie production or other parts of the business? Some of the latest information pusblished about the hack was that the company couldn't pay out the salaries to Christmas.
It's a sad story for all the people involved and it's probably getting worse the next weeks. So what can we learn from this?