The FBI today named the North Korean government as responsible for the cyber attack against Sony Pictures last month, saying its technical analysis points to the isolated, Communist country.
But now what?
"This could embolden future attackers," Johannes Ullrich, dean of research for the SANS Technology Institute and the head of SANS's Internet Storm Center security arm, said of Sony's withdrawal of its comedy, The Interview, earlier this week after threats were posted online by the alleged hackers. "Just like with real-world threats, a successful highly-publicized attack like this will draw out copycats to conduct similar attacks against other companies."
In the attacks, which were disclosed in late November, the hackers made off with gigabyte upon gigabyte of internal Sony documents and files, including embarrassing emails, financial information, passwords, and current and former employees' personal information.
Speculation that North Korea was behind the attack has been circulating for weeks, primarily because of The Interview, a movie whose plot centers around an assassination attempt against the country's dictator, Kim Jong-un.
But fingering North Korea is a waste of time, said John Pescatore, director of emerging security trends at the SANS Institute.
"There's been so much focus on the cyber warfare aspect of this, as in 'Oh, my God, this was North Korea,'" said Pescatore in an interview today. "The focus has been on the actors, not on the [weak security] that enabled the actors."
More important than arguing who was responsible, said Pescatore, will be what companies do in response to the massive leaks from Sony.
"We've been scared of trying out stronger authentication, but maybe we'll try that now," hoped Pescatore, talking about two-factor authentication for accounts, including email and network access, which relies on more than a username and password. Two-factor authentication requires a second piece of information, typically a multi-digit code that is generated by a specialized hardware token or, more commonly, generated by a service provider or enterprise IT department and sent to the user's smartphone.
Without that code, hackers who manage to dupe victims into disclosing their passwords — typically via a phishing attack, which many experts believe was at the root of the Sony attack if it wasn't an inside job — are not able to access hijacked accounts.
"Maybe this is the one more straw on the camel's back," said Pescatore.
Sony's example should also convince companies to encrypt all of their data, or at least more of it. "Encryption is not easy to do when you want to collaborate, but the hope now is that the attacks cause enough management attention for companies to say, 'We are going to do this hard thing,'" Pescatore said.
The decision to yank The Interview — triggered by U.S. theater chains' announcements that they would not show the movie for fear that the hackers' threats of physical attacks would be carried out — was blasted by many security experts this week.