In their keynote address at last month’s big RSA conference in San Francisco, PreVeil board member Admiral James Stavridis and Harvard’s Juliette Kayyem looked at the story of North Korea’s hack of Sony. Hacking attacks by nation states are a particular problem for firms in the defense industry and institutions engaged in high-level technical research. But the Sony story shows any organization can be a target. In Sony’s post-mortem in the press, it described itself as ‘not a security company.’ But buckling down on cyber hygiene isn’t just for companies operating within the security space.
The attack on Sony was not sophisticated. North Korean hackers gained entry into the entire system by compromising a single point of failure, an administrator’s password. We’ve said it before and we’ll continue to say it until companies take heed on a large scale – all single points of failure must be eliminated. Had Sony employed a system of distributed trust, as we do at PreVeil, hackers would not have been able to access the whole system through just one compromised account.
Further, had Sony used encryption keys secured to users’ devices in place of passwords, hackers wouldn’t have been able to compromise accounts from oceans away in North Korea. They would have had to enter the United States and steal Sony employees’ physical devices. Even if, as members of a hostile nation with visa restrictions against them from the US government, they were able to enter the country, sneak onto Sony property, and sneak out with high ranking employees’ devices, the missing devices would set off warning bells for Sony. Someone would have acted sooner and, even in this best case scenario for the hackers, their efforts would likely have been thwarted.
Admiral Stavridis said at RSA and we’ve been saying it for years: companies need to buckle down on their cybersecurity protocol, regardless of industry. PreVeil is here to help, with end-to-end encrypted secure communication systems designed for enterprises.
Contact our sales team to learn more about how you can bring the power of end-to-end encryption to your enterprise.