In November 2014, Sony Pictures experienced a particularly damaging cyberattack
, when information about employees and their families, including executive salaries, was obtained by hacker group, Guardians of Peace. The group also leaked private email exchanges between top executives that left the studio running around doing damage control with the media
over use of the material.
As a result, earlier this week
, Sony Pictures CEO Michael Lynton revealed that he has reverted back to writing sensitive messages by hand and faxes them to their destination.
However, is this really doing anything to improve data protection at Sony Pictures?
Fax machines have to be viewed as one of the least secure ways to share data. In the last three months of 2015 alone, the ICO reports
that sending sensitive information to the incorrect recipient (for example, entering the fax number incorrectly) caused 38% of data breaches in the legal sector, 25% of incidents in the justice sector and 23% of incidents in the health sector.
In addition, even if the information is sent to the correct machine, the data owner – that is, the person sending the information – then has absolutely no control over who picks up the printout and what they subsequently decide to do with it. (Loss of paperwork is another leading cause
of data breach incidents.)
Why, then, is the CEO of such a large tech company like Sony trusting in a system that is proven to put sensitive data at risk?
Encryption solutions exist that can protect organisations’ sensitive information to industry and government accredited standards while keeping tools like email usable to all members of the business and third parties. Technology is available with the ability to control what recipient do with shared information – such as save locally or print – and see detailed audit logs of what they’ve done with it. Companies like Sony should therefore be setting an example to the wider industry by adopting data security technology that offers genuine protection and information assurance to their employees and their customers.
If organisations are genuinely going to learn the lessons of the Sony cyberattack, they need to make sure information security is a natural part of how all employees collaborate to ensure they remain productive but to importantly also protect sensitive customer and corporate data.