Why The Sony Hack Should Scare Feds

Mark Rockwell | FCW | December 12, 2014

As the fallout from the unprecedented electronic attack on Sony Pictures Entertainment continues, cybersecurity experts said federal IT managers -- while likely facing no immediate threat from the group that attacked Sony -- should be paying close attention.  The Sony Pictures attack -- which has left tens of thousands of the company's employees without computers or network access and scattered terabytes of sensitive data in the wind -- marks a new milestone for cyber "bad actors," according to Greg Bell, U.S. leader for cyber services and information protection at KPMG.

The attack by a group that calls itself "Guardians of Peace" marks a shift by cyber attackers to a more destructive path, Bell told FCW. Traditionally, attackers have focused primarily on monetizing stolen credit card and personal information purloined from U.S. companies. Lower-profile, but more concerning, exfiltration of intellectual property data and competitive business information tied to corporate or national interests have also been part of past attackers' modi operandi.

The attack on Sony marks the first time in the U.S. when an attacker has so blatantly damaged a corporate network and targeted and destroyed data in that system, Bell said. The group didn't ask for money, but demanded Sony block the release of "The Interview," a comedy parodying a CIA assassination attempt on North Korean dictator Kim Jong-un. North Korea is a prime suspect and has praised the attack while denying direct responsibility...