Ernie Diaz 13 January 2015

Hackproof: How Not To Be Sony

There is a lesson to be learned about protecting your privacy online from the recent Sony hacking scandal.

Before the holidays, the world was shocked when the large multinational Sony Entertainment was hacked. How could a company as large as Sony be hacked and, furthermore, is it impossible to stop an elite team of hackers who want to get into a company’s systems?

The chances that hackers got into Sony through a back door left open by accident, or by some disgruntled employee, are much, much greater than the odds that they employed some truly technically difficult programming to get in.

But why is that? Because that’s how virtually all the hacking cases I’ve ever come across happen. Follow the conversation below to understand how you can take steps to safeguard your company’s online privacy.

How can a large company like Sony get hacked?

These are the kind of organizations that can easily spend a million dollars on a corporate retreat for their executives, but won’t hire a vetted net security specialist for $200k a year.

Doesn’t best practice tech security involve expensive hardware?

In most cases, no. In terms of Sony, and almost any other organization that wants to prevent hackers, it’s a matter of systems, not hardware.

What kind of systems?

Systems that are relatively easy to set up, but require diligence to maintain.

Give us a checklist of systems.

OK, the first system would be a password policy. The second would establish and track who has access to what in a company’s files.

That’s it?

Believe it or not, yes. This would prevent 95% of would-be hackers. The crazy thing is, I know of only a few companies that do this well, or let’s say systematically - only companies with high-level security at all phases of their operations, such as defense contractors.

How do we prevent the other 5%?

Setting up your servers correctly. Segmenting the server so that sensitive files are partitioned correctly is pretty straightforward. But you want to pay someone good to do it, to set up these systems.

And few companies do?

Amazingly, no. Maybe they will now, in the wake of this Sony debacle. But usually the decision-maker doesn’t have enough awareness of tech security and what it’s worth to justify the extra investment. The server will essentially be one big file.

And even the ones who segment their servers correctly don’t follow the security policy diligently. An employee gets fired, and no one bothers to cancel his password. That kind of thing. That’s where the security breach usually comes from.

What about foreign companies in China – do they need more stringent systems?

I guess if the Chinese government wants to get your data, and it’s stored in a Chinese data center, they can.

So a company in China concerned about security should have its own data center. Is that expensive?

It depends on how much data you have. Essentially, it means having your own servers. But having worked with a lot of Chinese companies, as well as foreign companies in China, I’d say implementing the systems we talked about before will make a company as secure as it needs to be.

What if I’m a foreign company in China working on proprietary software? What are my chances that some well-funded Chinese hackers are targeting me?

Very slim. If you’re a defense contractor working on an engine system for a new bomber, that kind of scenario, then you’d best be taking every possible measure, but as I mentioned, those kinds of companies already are.

Otherwise, there’s too much potential downside in getting caught, compared to the upside of getting some code before it’s finished, as opposed to the normal method of reverse-engineering once a product is out (laughs).

OK, last question. I’m a well-funded tech company in China that wants to take every security precaution. I’ve had an expert segment my servers and establish a security policy that I’m implementing, and all my data is on in-house servers. What is the last mile for complete protection?

Hire programmers who regularly attempt to hack your files. This will expose any existing holes in your systems. It’s best practice for companies with high stakes in tech security, since it’s a constantly evolving field.

The key concept is building anti-fragile systems, for security and otherwise. I recommend anyone interested to read the book ‘Antifragile’ for better understanding.

 
