Fallout from the Sony Hack

Sony HackWe’re seeing the first fallout from the Sony hack. Early estimates from the Sony is that it cost $15 million but experts have pointed out that it is too soon to know the final cost and that this early estimate does not include the cost of lost customers.

(If you haven’t read about the Sony hack, lots of details here and here).

But last week one of the two Sony CEOs announced her departure. Amy Pascal (who found out via the hack she was making less than her co-CEO) is moving on effective May 2015.

And she claims to be taking operational security more seriously now. Her emails are “shorter and safer now”. She is carrying four separate handheld devices “with various names and passwords”.

Pascal may be taking operational security more seriously but she still doesn’t understand it.

Sony CEO still doesn’t understand the hack

First, the Sony email servers were completed taken over by the hackers. It doesn’t matter how many smartphones you have if the server that hosts your email has been hacked. It doesn’t matter how short your emails are if you still say silly things that will get you into trouble when released to the public.

Second, four separate handheld devices? My first reaction was that’s great, now there’s four devices for someone to have to configure securely instead of just one. How many people can manage to secure just one? The thinking could be that you compartmentalize devices per project. Or it could be one is for work, one is for looking for other work, one is for family and one is for friends. But again, I go back to my point that the Sony email servers were hacked so all her email was leaked regardless of device.

Various names and passwords

Do various names and passwords actually help with security? If the passwords are all variations like password1, password2, password 3, etc. then no. If you’re using a password manager (like Lastpass ) that can generate secure passwords and let you know if you’ve used the same password more than once, then yes, the various passwords will help.

What about various names? Not really. Almost all accounts are linked to your email address. So in this case as her email address was leaked via the hack, various names won’t help.

Get educated

What the Sony executives need to do, like all business owners, is to educate themselves on cybersecurity for their business. You can start here.