Hollywood on Alert Following Sony Cyber-Attack

Sony logo

The hacking attack that hobbled Sony Pictures Entertainment in recent days has left other Hollywood studios examining their own security measures.

Although no studio would say so publicly, at least three of Sony’s rivals said they were assessing and upgrading their own systems and protocols in the wake of the breach. However, there is a sense among the executives who spoke with Variety that the attacks on Sony were not a precursor to a wider assault on Hollywood companies.

The financial damage and the strain that the leaks have put on Sony’s operations should represent a wake-up call, security advisers tell Variety.

“You have to assume you will be compromised at some point,” said Tom Kellermann, chief cyber-security officer for data security firm Trend Micro. “You have to make it more difficult for people to steal your movies or steal your content.”

Kellerman recommends that Hollywood studios install breach-detection systems, intrusion prevention systems and data-loss prevention systems similar to ones used by financial institutions that deal with sensitive information, if they don’t already. Other experts suggested that studios collaborate more closely with each other and share information about threats and data-wiping malware they have observed.

In the case of Sony, much of the damage may already be done. Since the studio was hacked last week by a group calling itself “Guardians of Peace,” the salaries of top executives, the personal data and Social Security Numbers of 3,803 employees, and other sensitive internal documents have all seeped out online. Five of the studio’s films, including such unreleased titles as “Annie” and “Still Alice,” have also been released online and widely pirated.

Finding the culprit behind the attacks is a time-consuming process.

“It’s a six-month ordeal at minimum, and you’re looking at tens of millions of dollars in losses, and that’s not including and damage to your brand or possible lawsuits,” said Joe Loomis, CEO of online security firm CyberSponse. “On the forensic side, it’s a massive enterprise to interview all the parties involved. It’s like you’re walking into a black room and trying to paint a Monet.”

News reports have focused on the possible involvement of North Korea in the hacking attack. The country’s leaders are angry about the upcoming Sony release “The Interview,” a comedy with Seth Rogen and James Franco about a talk-show host recruited by the CIA to assassinate North Korean leader Kim Jong-un.

One security expert questioned the possibility that North Korea is involved, noting that it could create diplomatic incidents with Japan, where Sony is headquartered, and the U.S., where its film studio is based.

“To me, it looks like a combination of hackers on the outside working with somebody on the inside,” said Hemu Nigam, CEO of SSP Blue, an L.A.-based online-security consulting firm. “The personnel attacks that are happening (with the release of Sony Pictures’ internal data)… all suggest that someone internally has a vendetta against the company or is a disgruntled employee.”

Hacking and piracy are part of the new reality for studios. This year alone has seen films such as “Expendables 3” fall victim to rampant piracy potentially impacting its box office, along with the leak of high-profile trailers for films such as “Avengers: Age of Ultron” and a hack attack on the personal iPhone accounts of dozens of actresses such as Jennifer Lawrence and Selena Gomez. Sony’s attack may be the most damaging breach, but it’s hardly the only one.

“Most people think of information security as a game of cat and mouse that requires perpetual investments,” said Gerry Stegmaier, a Washington, D.C.-based cyber-security legal expert with the law firm Goodwin Procter.”You fix and repair one entrance and they just find a new way in.”

Todd Spangler contributed to this report.

Filed Under:

Want to read more articles like this one? SUBSCRIBE TO VARIETY TODAY.
Post A Comment 5

Leave a Reply


Comments are moderated. They may be edited for clarity and reprinting in whole or in part in Variety publications.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

  1. Mike says:

    Sure I’ll leave my credit card info with Sony for their entertainment network. I hope Netflix and Pandora have big firewalls. Not much info on theft of credit card info but I’m concerned.

  2. Contessa46 says:

    If the studios kept ALL production, pre & post you could probably limit the breaches by not sending digital Information all over the world. Go back to viewing work in screening rooms (yes more time consuming) but you get to keep control. it seems even the Pentagon can be hacked as well as businesses, banks etc. CONTROL is they key to your profit being maintained. So, forget the tax breaks in Vancouver etc and smarten up.

  3. Their I.T. department was likely sleeping on the job, now they want to start an international affair over a SETH ROGAN movie that they can’t even confirm was stolen?? Hollywood+fear mongering= FREE PUBLICITY.for a dumb movie idea.

    More of my opinion in here (I used to work in studio IT, and this story has more holes than Amazing Spiderman 2!) https://www.youtube.com/watch?v=7V_TD5hgAQg

    Hey Sony, my Blu Ray player stopped working. Can I blame North Korea for that too? Get back to work and stop trusting crappy I.T. management.

  4. Real says:

    Sony deserved to be hacked they always pirating writers projects and paying lazy assed bums.

More Film News from Variety