Hacker News new | ask | show | jobs
by eru 4163 days ago
> In the case of SONY, the attackers were able to enter the network through spearphishing emails - something that essentially no investment in security is going to prevent.

Investment can make spearphishing much harder. Defense is not always absolute, but about raising the cost for the attacker.
1 comments
xnull2guest 4163 days ago
I agree that all security is a cost-benefit tradeoff. This is of course folklore wisdom. The importance with regard to the SONY case is that SONY was not the victim of an opportunistic attack but was targeted specifically. In this case, it is highly likely that SONY did invest in training its employees in corporate policy and security awareness (at least as much as any other corporation).

I have trouble thinking of a cost-effective way that SONY could have prevented #GOP from getting in.

IMO SONY had two failures:

1.) The hording of data. Again I don't think that this is uncommon. I would expect to see this at pretty much any company of their size.

2.) The lack of an ability to respond to the APT once it was discovered. This is extremely tricky business, but a critical piece of security. It is common now for businesses to assume that they have been compromised and to build out the capability to recover and isolate issues as quickly as possible. Unfortunately for SONY, all of their data had been exfiltrated out of the network by the time they knew there was a problem.

link
eru 4162 days ago
> The importance with regard to the SONY case is that SONY was not the victim of an opportunistic attack but was targeted specifically.

Amazon, Google etc are specifically targeted all the time. What's different?

link
xnull2guest 4162 days ago
Nothing is different if they are also targeted specifically.

The context of the discussion is that SONY, even if it 'increased spending on defense' would have been compromised because it was targeted in an attack rather than an attack of opportunity.

Amazon and Google also get hacked. So does Adobe and Microsoft. So does the DoD and Whitehouse. So does JPMorgan and Wallstreet.

link
Alupis 4161 days ago
> Amazon and Google also get hacked. So does Adobe and Microsoft. So does the DoD and Whitehouse. So does JPMorgan and Wallstreet.

The difference between Sony and the other companies you listed is the effort they put into security/technology-defense.

Yes, anyone might be hacked. That doesn't mean you just throw your arms up and let it happen. Sony effectively threw their arms up.

link