skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration

Ovum view


The data breach at Sony Pictures, the US movie studio arm of the Japanese electronics conglomerate, is the latest and most high-profile example of cybercrime yet. It may also be the best advertisement ever for privileged identity management (PIM) technology.

Sony’s woes should raise the profile of PIM

The December 2013 breach at Target was one of the worst such events to date, with the details of some 40 million credit cards stolen from the US retailer. However, it pales in comparison with this end-of-year cybersecurity horror story, which, like a script from one of Sony’s movies, features everything from studio executives slating stars to a nuclear-powered dictatorship threatening retaliation against the US for accusing its operatives of masterminding the attack. Not to mention terror threats against movie theaters for showing a comedy about the assassination of the leader of said dictatorship.

Whether North Korea was really behind the hack remains to be seen. The case appears to rest on the malware involved having been compiled in Korean and used in the Dark Seoul attacks on South Korean banks in 2013, but with the malware underground offering such kits for budding hackers, that is scant proof. Also, the culprits started out by asking for ransom, which points to financial rather than political intent.

More significant, from Ovum’s perspective, is the story, attributed by CNN to unnamed US officials, that the hack was made possible by the theft of credentials used by a systems administrator. If this is indeed the case, the Sony breach will be the best advert yet for PIM, the subset of identity and access management that deals specifically with system administrators and C-level executives alongside secure machine-to-machine interactions. Savvy hackers target such accounts within an organization because their credentials can open the door to its crown jewels.


Further reading

On the Radar: Avecto, IT0022-000272 (December 2014)

SWOT Assessment: BeyondTrust – The BeyondInsight and PowerBroker Platform, IT0022-000256 (November 2014)

“Dell’s security business focuses on market trends to remain relevant,” IT0022-000202 (October 2014)

“Prioritization and privilege are key themes at Infosecurity 2014”, IT0022-000058 (May 2014)

SWOT Assessment: Lieberman Enterprise Random Password Manager v4.83.6, IT017-004211 (November 2013)

SWOT Assessment: Cyber-Ark Software, Privileged Account Security Solution, V8, IT017-004198 (September 2013)


Rik Turner, Senior Analyst, Infrastructure Solutions

Recommended Articles


Have any questions? Speak to a Specialist

Europe, Middle East & Africa team - +44 (0) 207 017 7700

Asia-Pacific team - +61 (0)3 960 16700

US team - +1 646 957 8878

Email us at

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Call us at +44 788 597 5160 or email us at

Contact marketing -

Already an Ovum client? Login to the Knowledge Center now