The Sony Breach Stymification

At first glimpse, the recent Sony Pictures breach appears to be fairly standard. Embarrassing emails, financial data and electronic records were stolen, leaving in their track a downed network with a company frenziedly trying to review, recover and respond. Suddenly, however, those breached email communications between executives were leaked to the media, referencing well-known actors, thus feeding into our gossip-obsessed nation. Breach just got real.

As a CIO I’m almost paralyzed by the story that continues to unfold but I find myself drawn to three rudimentary missteps taken by Sony and a tinfoil cap-esque conclusion.

First Time Shame on You

This is not the first, nor likely the last, data breach situation for Sony Pictures. By all intents and purposes it appears that, as with each previous attack, cybersecurity measures will likely not be ramped up. For a company that leverages and produces such a significant amount of digital material, it perpetually exudes an above-reproach and untouchable vibe. This is unfortunate for a variety of reasons, not least of which is that the company has established itself as an antagonistic target for hackers at large. Sony Pictures needs to invest immediately in a full security assessment, and dedicate security analysts and specialists to its team. If this is not something it can manage in perpetuity, it needs to collaborate with a provider tout suite.

This Feels Like a Bad Movie Script

Let me get this straight. A movie was produced that is so gritty and so realistic and so mind-numbingly accurate, yet disparaging of North Korea, that an entire nation has now threatened 9/11-esque attacks should it be released? Not to be taken lightly, the threat level is being drilled home by hacked emails between Sony execs diminishing star talent level as a preview of what’s about to come?

As a semi-intelligent person I’m supposed to believe that this is what has led to the Sony hack? That would make perfect sense to someone with a robust sense of self, but I refuse to believe we live in a world where yet another hacking incident of a movie company should be a bigger deal than a hack of a hospital or even a big box chain. First off, if this is true, then the rest of the world must consider us Americans to be an incredibly vapid and soulless bunch, and that we as a nation put such an exorbitant amount of importance on the entertainment industry.

This assumes that “The Interview” must be one heck of a movie. Early reviews beg to differ. Apparently whatever vibe they were going for (satire, humor…?) was apparently pulled off pretty horribly and with zero intelligent degree of entertainment. From all accounts, the effects in any of the Charlie’s Angels movies were more compelling. It’s as if this film is trying to portray Kim Jong-Un in a Southpark Saddam Hussein way and just missed every possible mark.

I’m sure this fanfare has nothing to do with the fact that, prior to all this sensationalism, not a single syllable of interest has been uttered in reference to this movie. But hey, we’re talking about it now, right?

Frankly, this entire scenario feels like a movie. No seriously. A terrible marketing ploy that spun out of a hack. Or worse, a terrible marketing ploy that started with a self-induced imaginary hack. Because no business can get struck by lightning this many times and refuse to respond by at best upping security measures and at worst by simply educating their employees on how to appropriately communicate via email.

Email Communication 101

Who are these employees, executives no less, that continue to communicate via email under the assumption that their words are protected and secure? Granted, emails between Sony execs making fun of movie stars for being entitled brats whose talent might be minimal but their bang is huge isn’t exactly news. Last I checked no one has been comparing Angelina Jolie to Nicholson or Brando. But empowering that level of disparaging remarks about your “moneymakers” in electronic mail is flat-out ignorant and likely speaks volumes to the level of professional we’re talking about here. “Internet messages are permanent” and “be professional at all times” are standard rules of thumb.

Is this a marketing scheme born of a standard hack? Or a hack as a result of a marketing scheme.

“Hackers to Sony: We’ll stand down if you never release the movie.” Something isn’t right. I just can’t fathom that anyone cares this much about this movie. Now released, unquestionably more have flocked to the movie than would have prior to all the drama. Feedback is in line with the initial reviews. In other words, it’s not a great movie.

As the investigations unfold, fingers are pointed at ex-employees, internal sources and a variety of well-known groups. Had all of this hoopla not occurred, “The Interview” would have likely been a box office flop. Flash forward, and it has become “Sony’s Top Online Film Ever“. I have a feeling we’ve all been played.