Sony Cyber Attack Case Study

  1. Was Sony's response to the breach adequate? Why or why not?

Sony made several mistakes in its response to the attack, including:

  1. Failure to spot the breach: Sony was unable to detect the breach of its security until things escalated and hard drives were erased. Nobody knows how long the hackers had been inside Sony's network, which could have been days or months before the escalation. (Schwartz, 2014)
  2. Caving to the hackers' demands not to release the comedy (The Interview), and then contradicting this position by claiming it had always intended to release the movie. (Schwartz, 2014)
  3. The company failed to proactively take responsibility for the breach of its employees’ private information and made them vulnerable. This was not the employees’ fault.
  4. Threatening to sue the media that reprinted leaked material. (Schwartz, 2014)
  5. The hack exposed the bad practice of using email to store sensitive corporate and personal information. IT experts said that this kind of practice (using email for virtually everything) is not the safest way.

  1. Should the U.S. government help private organizations that are attacked (or allegedly attacked) by foreign governments? Why or why not?

Attacks on major corporations are increasing: 75% took place last year, despite security expenditure that amounts to $75 billion annually. The hacking of Sony by GOP and the recent attack by the Mirai botnet on major companies, which made Twitter, Reddit, and Spotify inaccessible on the East Coast, left many people’s and corporations’ sensitive information vulnerable. (Limbago, 2016)

The US government has not so far stepped up its protection measures against cyberattacks, and the hacking of the last election is an example of the lack of proactive measures in place to stop it. That lack of response is causing dissatisfaction, in light of legislation that allows private companies to take action and retrieve stolen information or retaliate against the hacking of their networks. (Limbago, 2016)

In 2013, US banks' servers were cyberattacked, and afterward the Iranian servers used in the attack were disabled by what are suspected to be private hackers hired by US banks, a practice called "hack back". The FBI launched an investigation into whether US banks were really involved. (Limbago, 2016)

Hack back is advised against by most internet security experts; however, some organizations may want to do it as a way to deter future attempts by hackers, who would fear retaliation. (Limbago, 2016)

However, I personally believe the Government should work closely with the private sector to find ways to join forces and help protect the sensitive information that is floating around their networks. It is going to be difficult to grow the business trust in the local economy and encourage foreign investment.



