The cyberattacks on Sony related to the release of the farcical comedy The Interview have had implications for various groups in modern society. For filmmakers and Sony executives, the attack created substantial embarrassment by releasing their e-mails publicly. For the U.S. government, which believes the attack was orchestrated by North Korea, it represented an international battle. For free speech advocates, Sony’s initial decision to halt the movie’s release in response to threats to moviegoers was a terrible instance of censorship.
For marketers and their companies, the implications continue to emerge. One notable point is the need to develop detailed plans in advance to respond to cyberterrorism. Especially for large, global companies, the possibility that international groups might protest their practices by shutting down their digital operations is salient. Few guidelines exist though, and as the Sony experience showed, many companies suffer huge gaps in their security. In previous years, data breaches at major retailers have exhibited that companies are widely and troublingly vulnerable to hackers, and yet most of them remain greatly exposed.
Further complicating the matter, cyberterrorism tends to be relatively more subtle in its goals than digital crimes that obviously pursue the theft of consumers’ data or financial information. With damages that are largely psychological and social, the attacks also do not reach the status of more prominent, physical terrorist attacks that threaten people’s lives. Thus, companies are largely on their own, because they cannot rely on governments to protect them adequately.
Nor can they be sure who is committing the attacks. In the Sony case, the conventional wisdom is that the North Korean government committed, or at least sanctioned, the hack, out of annoyance that the movie studio would release a film in which its dictatorial leader was assassinated for comedic effect. But North Korea officially denies any responsibility, and the hack was sophisticated enough that it is impossible to assign blame accurately.
In this internationally tense setting, the United States has never acknowledged that it has the capabilities to engage in digital battles or warcraft itself, though many observers suggest that the failure of North Korea’s Internet connections in the aftermath of the Sony hack was almost certainly a signal by the U.S. government. For companies though, if even their own government will not admit what it is doing or how, the rulebook remains opaque. Can companies engage in their own cyberattacks to defend themselves? What kinds of precautions do they need, and which companies most need them? Unfortunately for marketers, these questions do not have any easy answers as of yet.
What kinds of precautions do you think companies need against cybercrimes?
SOURCE: David Sanger, “Countering Cyberattacks Without a Playbook,” The New York Times, December 23, 2014, http://www.nytimes.com