The big lessons from the Sony breach are that businesses need to plan better and to shift security investment away from trying to protect the network from attacks and toward quickly detecting and dealing with breaches, Gartner says.
That means hiring staff to deal specifically with that type of exploit, which Gartner gives a new name: aggressive cybersecurity business disruption attacks.
It also means training employees to use digital media safely, and may require investments in network architecture changes, encryption and tools such as endpoint threat detection and remediation platforms, Gartner says in a new report "Attack on Sony Pictures is a Digital Business Game Changer."
The report says the Sony attack is a wake-up call. Because of the scope of damage this type of attack can wreak, businesses need to update their business continuity plans to pull in expertise beyond IT and security departments to include legal departments, human resources, corporate communications, and public relations. Those plans should also include outside interests such as law enforcement and network service providers.
"Although the frequency of an attack on this scale is low, the attack's disruptive scope on business operations should be examined by CISOs, [chief risk officers] and [business continuity management] leaders to inform future planning and execution," the report says. "Security risk management is not new but it has new urgency."
Gartner expects that businesses jolted by what happened to Sony will be quick to respond. While today no large enterprises have plans for dealing with aggressive cybersecurity business disruption attacks, within three years, 40% will, the report predicts.
Specifically, the report recommends that those plans expand current attack response to include an incident response manager trained to deal with all the parties that come into play in the aftermath of such attacks.
The analysis of business impact should include not only IT services and business processes but also a social media plan for controlling damage to the organization's reputation, Gartner says.
Gartner strongly recommends against striking back as it may be risky and illegal.
As for IT recommendations, businesses should use endpoint threat detection and remediation tools and have the expertise to analyze the data they collect. These systems gather data about the behavior of individual endpoint devices and in some cases analyze it and take steps to contain damage.
With damage control in mind, networks should be segmented to help contain incursions when they are discovered. This should be done rapidly, with the aim of isolating areas that have been compromised. The decision whether to cordon off an asset should be based on its value and the requirements employees have for accessing it. Use of encryption should be increased, Gartner says.