skip to main content
Close Icon

In order to deliver a personalized, responsive service and to improve the site, we remember and store information about how you use it. This is done using simple text files called cookies which sit on your computer. By continuing to use this site and access its features, you are consenting to our use of cookies. To find out more about the way Informa uses cookies please go to our Cookie Policy page.

Global Search Configuration

Ovum view

Summary

The data breach at Sony Pictures, the US movie studio arm of the Japanese electronics conglomerate, is the latest and most high-profile example of cybercrime yet. It may also be the best advertisement ever for privileged identity management (PIM) technology.

Sony’s woes should raise the profile of PIM

The December 2013 breach at Target was one of the worst such events to date, with the details of some 40 million credit cards stolen from the US retailer. However, it pales in comparison with this end-of-year cybersecurity horror story, which, like a script from one of Sony’s movies, features everything from studio executives slating stars to a nuclear-powered dictatorship threatening retaliation against the US for accusing its operatives of masterminding the attack. Not to mention terror threats against movie theaters for showing a comedy about the assassination of the leader of said dictatorship.

Whether North Korea was really behind the hack remains to be seen. The case appears to rest on the malware involved having been compiled in Korean and used in the Dark Seoul attacks on South Korean banks in 2013, but with the malware underground offering such kits for budding hackers, that is scant proof. Also, the culprits started out by asking for ransom, which points to financial rather than political intent.

More significant, from Ovum’s perspective, is the story, attributed by CNN to unnamed US officials, that the hack was made possible by the theft of credentials used by a systems administrator. If this is indeed the case, the Sony breach will be the best advert yet for PIM, the subset of identity and access management that deals specifically with system administrators and C-level executives alongside secure machine-to-machine interactions. Savvy hackers target such accounts within an organization because their credentials can open the door to its crown jewels.

Appendix

Further reading

On the Radar: Avecto, IT0022-000272 (December 2014)

SWOT Assessment: BeyondTrust – The BeyondInsight and PowerBroker Platform, IT0022-000256 (November 2014)

“Dell’s security business focuses on market trends to remain relevant,” IT0022-000202 (October 2014)

“Prioritization and privilege are key themes at Infosecurity 2014”, IT0022-000058 (May 2014)

SWOT Assessment: Lieberman Enterprise Random Password Manager v4.83.6, IT017-004211 (November 2013)

SWOT Assessment: Cyber-Ark Software, Privileged Account Security Solution, V8, IT017-004198 (September 2013)

Author

Rik Turner, Senior Analyst, Infrastructure Solutions

rik.turner@ovum.com

Have any questions? Speak to a Specialist

Europe, Middle East & Africa team - +44 (0) 207 017 7700


Asia-Pacific team - +61 (0)3 960 16700

US team - +1 646 957 8878

+44 (0) 207 551 9047 - Operational from 09.00 - 17.00 UK time

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Call us at +44 7770704398 or email us at pr@ovum.com

Contact marketing - marketingdepartment@ovum.com

Already an Ovum client? Login to the Knowledge Center now