The data breach at Sony Pictures, the US movie studio arm of the Japanese electronics conglomerate, is the latest and most high-profile example of cybercrime yet. It may also be the best advertisement ever for privileged identity management (PIM) technology.
Sony’s woes should raise the profile of PIM
The December 2013 breach at Target was one of the worst such events to date, with the details of some 40 million credit cards stolen from the US retailer. However, it pales in comparison with this end-of-year cybersecurity horror story, which, like a script from one of Sony’s movies, features everything from studio executives slating stars to a nuclear-powered dictatorship threatening retaliation against the US for accusing its operatives of masterminding the attack. Not to mention terror threats against movie theaters for showing a comedy about the assassination of the leader of said dictatorship.
Whether North Korea was really behind the hack remains to be seen. The case appears to rest on the malware involved having been compiled in Korean and used in the Dark Seoul attacks on South Korean banks in 2013, but with the malware underground offering such kits for budding hackers, that is scant proof. Also, the culprits started out by asking for ransom, which points to financial rather than political intent.
More significant, from Ovum’s perspective, is the story, attributed by CNN to unnamed US officials, that the hack was made possible by the theft of credentials used by a systems administrator. If this is indeed the case, the Sony breach will be the best advert yet for PIM, the subset of identity and access management that deals specifically with the accounts of systems administrators and C-level executives, as well as with secure machine-to-machine interactions. Savvy hackers target such accounts within an organization because their credentials can open the door to its crown jewels.
Rik Turner, Senior Analyst, Infrastructure Solutions