Sony hack puts business continuity at top of every CEO’s in-tray

The hacking of computer systems at Sony Pictures Entertainment in Hollywood started out as an unusually interesting security breach story that involved leaked e-mails about celebrities including Angelina Jolie and the script for the forthcoming James Bond film, Spectre. It developed into what seemed like a comical tale about the fictional assassination of North Korean leader Kim Jong-un, but then rapidly escalated into a narrative about free speech and possible all-out cyber war between the United States and North Korea.

President Obama accused the North Korean state of cyber-terrorism, imposed economic sanctions and, a couple of days after he had threatened unspecified retaliation, someone pulled the plug on the entire internet infrastructure of North Korea. Then things really got serious, and the Sony hackers managed to get inside and disable the PlayStation Network on Christmas Day no less, in the process ruining Christmas for 110 million teenage PlayStation subscribers right across the globe.

I am not joking when I say that the PlayStation takedown was when things got really serious for Sony. Up until that point they had suffered huge embarrassment, financial loss from the disruption of a major film launch and significant reputational damage. But it was only when the hackers took out the PlayStation network that Sony’s whole business model was threatened. Suddenly the cash cow that their 110 million subscribers represent came under attack and their core business was put out of action in the space of a few minutes.

The FBI were called in by Sony and confirmed that the intrusion consisted of the deployment of destructive malware and the theft of employees’ personal information. They also confirmed that the attacks had rendered thousands of Sony’s own computers inoperable and forced them to take their entire computer network offline. The fact that it now looks like North Korea may not actually be responsible for the intrusion, but rather a domestic hacking group calling itself the Guardians of Peace, should heighten rather than decrease alarm. It proves that you don’t even need the backing of a rogue state to be able to do this stuff.

In a world where businesses are every day becoming more and more dependent on the internet the Sony Christmas story should be a wake-up call to all CEOs. If you are running a business of any size and have not yet thought the unthinkable about your internet dependencies being compromised overnight, then I suggest that you get onto it immediately. This should be number one on your resolution list as we head into 2015. Happy New Year.