How the Sony Pictures attack changed the rules of cybersecurity

Within three years, the percentage of companies that have a formal plan in place to deal with the disruption caused by aggressive cyberattacks will rise from zero to 40.

In IT, game changers don't come along very often but when they do, they impact just about everybody. The November attack on Sony Pictures was one such event which overnight forced all of those responsible for an IT organization's security to look again at their preparations for the worst.

According to analyst Gartner, the issues raised by the Sony attacks have not only caused organisations to reevaluate at their security, but also shifted the industry's perception of the best forms of defense.

Firstly, it has underlined the requirement to have formal plans in place to deal with aggressive attacks that are capable of seriously disrupting a business. Secondly, Gartner said, it has shifted the focus from blocking and detecting attacks, to detecting and responding to attacks.

FBI says North Korea is 'responsible' for Sony hack, as White House mulls response

UPDATED. The FBI said it had "enough information to conclude," following technical analysis, that the rogue state was behind the cyberattack that crippled Sony's networks.

Read More

As the analyst points out, although the frequency of a large-scale cybersecurity attack is low, this is no reason to scale back on security. The industry knows this and that's why Gartner expects the number of companies who have a formal plan in place to deal with this sort of attack to jump from zero percent currently to 40 percent by the end of 2018.

Gartner argues that these "business disruption attacks" require new priority from chief information security officers and business continuity management leaders, since aggressive attacks can cause prolonged disruption to internal and external business operations.

Gartner defines "aggressive business disruption attacks" as attacks that are targeted and that can reach deep into internal digital business operations. They are created "with the express purpose of widespread business damage," said Gartner vice president Paul Proctor.

"Servers may be taken down completely, data may be wiped and digital intellectual property may be released on the internet by attackers," he said.

The damage can last for some time after an attack, and the reaction can be widespread. "Victim organisations could be hounded by media inquiries for response and status, and government reaction and statements may increase the visibility and chaos of the attack," he said.

"These attacks may expose embarrassing internal data via social media channels."

IoT a danger, too

Security issues are also raised by that latest darling of the IT industry, the Internet of Things (IoT), Gartner said.

The rise of ubiquitously connected devices has expanded "the attack surface, and commands increased attention, larger budgets and deeper scrutiny by management," the analyst said.

However, there is no need for panic, and "digital business should not be restricted by these revelations." Instead an emphasis must be placed on "addressing technology dependencies and the impact of technology failure on business process and outcomes".

The expectation that digital business is a successful consumer business model relies on IoT devices being "always available," Gartner said, and any interruption during the end-to-end transaction process "means that business transactions may not be completed, thereby negatively affecting customer allegiance and the revenue stream expected from the digital business offering".

In other words, while few doubt the potential benefits the IoT could bring to consumers and businesses, it also poses considerable risks - and these are risks which, like the IoT itself, will only grow in coming years.

Read more:

Sony Pictures corporate files stolen and released in cyberattack

Cyber-espionage expected to surge in 2015: McAfee Labs

Mac OS X is the most vulnerable OS, claims security firm