Mae Anderson

ATLANTA: Companies across the globe are on high alert to tighten up network security to avoid being the next company brought to its knees by hackers like those that executed the dramatic cyber-attack against Sony Pictures Entertainment.

The hack, which a U.S. official has said investigators believe is linked to North Korea, culminated in the cancellation of a Sony film and ultimately could cost the movie studio hundreds of millions of dollars. That the hack included terrorist threats and was focused on causing major corporate damage, rather than on stealing customer information for fraud like in the breaches at Home Depot and Target, indicates a whole new frontier has emerged in cyber-security. Suddenly every major company could be the target of cyber-extortion.

“The Sony breach is a real wake-up call even after the year of mega-breaches we’ve seen,” says Lee Weiner, Boston security firm Rapid7’s senior vice president of products and engineering. “This is a completely different type of data stolen with the aim to harm the company.”

This should signal to all U.S. businesses that they need to “take cyber-security as serious as physical security of their employees or security of their physical facilities,” said Cynthia Larose, chair of the privacy and security practice at the law firm Mintz Levin in Boston.

The breach is particularly troubling in Hollywood, where secrecy is supposed to be paramount to insure that movie secrets worth millions don’t get leaked.

“Movie studios have, by and large, behaved as high-security intellectual property purveyors; prints have been tightly controlled, screeners are watermarked, and bootleggers are prosecuted wherever possible,” said Seth Shapiro, a professor at the University of Southern California’s School of Cinematic Arts. He said that’s what makes it so surprising that email leaks showed that Sony executives apparently gave out passwords in unencrypted emails and made other security blunders.

“The apparently laxity of Sony IT security — given the history of prior hacks — is unprecedented in the history of media technology,” he said. Sony Corp.’s PlayStation network was hacked in 2011.

Studios are trying to tighten up procedures in the wake of the Sony attack. Warner Bros. executives earlier this week ordered a company-wide password reset and sent a five-point security checklist to employees advising them to purge their computers of any unnecessary data, in an email seen by the Associated Press. “Keep only what you need for business purposes,” the message said.

Even so, some say there is little that corporations can do to prevent such a sophisticated cyber-attack. The key may lie more in detection and limiting damage.

Companies need to focus on the ability to detect hacks quickly and limit them as fast as possible. The average time to detect a breach is 200 to 230 days, Rapid7’s Weiner said. “That allows the attacker time to gain a lot of knowledge and do damage,” he said.