Sony's hacking incident that happened back in November last year is a perfect example of how ignoring a problem doesn't make it go away.
In the second installment of a three-part investigative report published in Fortune, suspicions were confirmed that several high-level executives had indeed been warned that releasing The Interview (the 2014 comedy directed by Seth Rogen and Evan Goldberg) could result in a cyberattack on Sony’s computer systems.
A Sony representative claimed that Sony Entertainment CEO Michael Lynton was never advised by his consultants that North Korean retaliation for the movie’s flippant depiction of dictator Kim Jong-un could include the type of attack on Sony's networks that took place last year in November. According to the report, however, Lynton was informed by Bruce Bennett, the North Korea specialist he conferred with most extensively, that a cyberattack was indeed a possibility, perhaps even a likelihood. Before they began shooting the movie, Rogen and Goldberg had also been warned by international market consultancy McLarty Associates to expect a "blowback" in the form of an electronic assault, and advised them to change their email and bank passwords. The directors reportedly relayed their concerns to Sony, who denies ever receiving them.
During the high-profile incident last year, hackers publicly released confidential files, emails, and 47,000 employee social security numbers before wiping the hard drives on half of the company's computers.
Not only was Sony aware that such a devastating electronic intrusion could occur, but emails described in the article also indicate that the company did little to strengthen its cybersecurity in the months between North Korea's threats issued in June and the November assault.
Instead of opting to shore up its network protection, Sony spent $550,000 to alter scenes and make the film less offensive to North Koreans, according to the report. As per Sony Corporation CEO Hirai's instruction, they also toned down Kim Jong-un's gory death in the hopes that it would appease North Korean audiences and delayed the film’s release by three months.
This effort was not only unsuccessful, given that hackers followed through with the attack, but it also drew ire for pandering to scare tactics. President Obama called it a “mistake,” asserting that “we cannot have a society in which some dictatorship someplace can start imposing censorship.”
That Sony decided to compromise their integrity as a company instead of working harder to fortify its digital protections is made worse by their storied history with these types of concerns. The North Korean hack was only one in a string of Sony system breaches that occurred over a decade-long period, and the company has since developed a reputation for having egregiously poor cybersecurity.
Although Sony has claimed throughout these incidents that they could not have been prevented, experts assert that these attacks were not particularly sophisticated and only succeeded because of serious lapses in digital security.
According to the report, Sony would have been able to mitigate the damage of the North Korean assault had they implemented basic precautionary measures, such as a two-factor authentication system for network logons that other companies have been using for years. The absence of those safeguards allowed hackers to access unencrypted folders and sensitive information with “astounding” ease.
In 2007, Sony’s then-cybersecurity chief said, “I will not invest $10 million to avoid a possible $1 million loss…It’s a valid business decision to accept the risk.”
But if there’s anything to take away from Sony’s blunder, it’s that revenue is not the only kind of capital a company can lose when it sacrifices the security of its employees and the primacy of its vision to cut financial corners. Sony will continue to produce movies and develop gaming consoles, and it might even recover the profits they lost. Whether they can regain their dignity is far less certain.