Today, President Barack Obama weighed in, too, saying, "I think they made a mistake," of Sony and the theater chains.
"This will encourage others, certainly," said Tom Chapman, director of cyber operations at Edgewave, a San Diego-based security firm, and a former U.S. Navy cyber-warfare commander who also worked with the FBI and the Navy's criminal investigative service, or NCIS. "What's going to happen if there's a movie that a Muslim terrorist doesn't like? What will happen if some group says, 'Don't sell this product' or 'Don't support this cause?'"
Ullrich agreed. "With the wave of DDoS [distributed denial-of-service] attacks over the last years, they found a lot of 'followers' [when] they were successful," he said in an email reply to questions.
For Chapman, implementing stricter security measures — something Sony in hindsight certainly should have done, as none of the documents leaked by the hackers was even password protected, much less encrypted — is well and good. But he urged companies to do more than that.
"An IT department must know what's normal [on their network] and what's not normal," Chapman argued. "They have to watch what's going on on their network. There's no way someone should be able to remove gigabytes of data and not be noticed."
In its statement today, the FBI said it would "identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or U.S. interests," a hint that the reports of possible retaliation against North Korea were accurate.
Good luck with that, said Chapman.
"There's not much we can do to get back at them," Chapman said, pointing out the sanctions already imposed on North Korea and its almost non-existent digital infrastructure. "We have to find a different method."