Sony Cyber Attack Case Study Analysis

Duane Brown

ISSC 331

Sony Cyber Attack: A Case Study in Cyber Leadership Failure

By

John Sileo

In this case study leadership gets put on showcase.  Here we are 2017 and the CEO of one of the largest tech companies in the history of electronics and he (Michael Lynton) doesn’t even encrypt his emails.  What was the point of creating guidelines and not even he follow them.  With the sub title “Cyber Leadership Only Gets Attention AFTER THE ATTACK” it is clear what Sileo thinks of the debacle created by lax judgement on the part of Mr. Lynton.

With the 11 immediate and nasty consequences that suffer by the general public, celebrities,
staff, and executives. This has had to be singlehandedly the creation of what could be the end of an empire.  The leak included these permanently damaging effects on the company.

·         Sony forced to cancel the 12/25 release of “The Interview” and then suffers massive negative PR for giving in to the cyber criminals

·         Sony’s entire network was shut down for the better part of the week, meaning no one could really work (that had to be costly)

·         Hackers spoil the release of five upcoming Sony movies by leaking them early including Brad Pitt’s Fury and Annie

·         Hackers release pre-bonus salaries of Sony’s Top 17 Executives and 6,000 employees

·         Hackers expose passport and visa PDFs of cast and crew members, including Angelina Jolie and Jonah Hill

·         Hackers divulge 25-page list of employee workplace complaints

·         Hackers share 30,000 Deloitte consultant salaries, and medical information on a number of Sony employees

·         Sony’s former employees file three early class-action lawsuits against Sony because of negligent handling of employee data

·         A trove of embarrassing emails between Sony execs and various recipients expose C-Level racial bias

·         In an embarrassing email, Sony executives out Angelina Jolie as a “spoiled brat”

·         After being reprimanded by President Obama, Sony decides to release “The Interview” (after suffering millions in losses)

In the Great State of Texas the is simple.  Texas’s Identity Theft Enforcement and Protection Act requires any entity conducting business in the Lone Star state to inform its customers when their data is compromised in a data breach. Businesses can be fined up to $250,000 for data breaches. For larger data breaches (those involving more than 10,000 consumers), a business has to inform consumer reporting agencies as well.

This law doesn’t in any way address when it has to be released nor anything more to the consumer other than notification either in writing or electronically.  The law only provides protection for employees.  Almost a complete mimic of the California law, Texas’s Identity Theft Enforcement and Protection Act, is a complete song and dance to torts like negligence, fraud, fiduciary responsibility, and the like. .

Substantively Sony, you owe the public more than what you are giving.