ATLANTA — The devastating cyber attack on Sony Pictures may just be a preview of things to come, according to the crisis management firm Preparis.
“It’s no longer college kids just trying to show they can break into a network,” said Armistead Whitney, the Atlanta-based company’s CEO. “It’s now rogue nations. It’s rogue individuals, rogue groups, that are actually using cyber attacks as a way to promote their agenda.”
The FBI has traced the Sony attack to North Korea. That nation’s government was upset over Sony’s now-cancelled Christmas release of “The Interview,” a comedy about a CIA plot to assassinate North Korean leader Kim Jong Un.
During his last press conference of the year, President Obama called on Congress to work with the White House on passing strong cyber security laws.
“If we don’t put in place the kind of architecture that can prevent these attacks from taking place, this is not just gonna be affecting movies,” the president said. “This is gonna be affecting our entire economy in ways that are extraordinarily significant.”
The circumstances behind the Sony breach are still under investigation. However, Preparis’ CEO points out that 70 percent of cyber attacks on businesses involve employees who unwittingly compromise security.
Whitney said businesses need to make cyber security a company-wide priority and train each employee to avoid common mistakes — such as using simple passwords or clicking on links from untrusted sources.
He described how Preparis simulated a hack to find security lapses at one of its clients in the financial services sector.
“A CD was placed around a business that said, ‘Spring Break Mexico 2005,’ Whitney said. “And what’s interesting is that 50 percent of those CDs were loaded into computers and were infected with fake malware just to see who would put those CDs in — 50 percent! And those are the types of things these terrorists are doing.”
Preparis serves clients in 200 cities around the world, including financial institutions, law firms, manufacturers and retail companies. Its business model came as a response to Whitney’s personal experience as president of a media company in Midtown Manhattan during the 9/11 terrorist attacks.
“I had 200 employees that were counting on me as a leader to guide them, to make sure that they could be safe, to make sure that the company could also survive and continue to serve our customers,” Whitney said. “What we saw that day was an inability to make the right decisions. We had a binder of plans kind of sitting on the shelf that no one had ever read. And that was a very, very challenging way to try to figure out what to do.”
During 9/11, Whitney lost voice and email communications, but was able to send and receive text messages through a cell tower in New Jersey. Lesson learned.
Preparis tells clients not only to develop a disaster response plan, but to practice it before a crisis occurs.
Rather than develop separate plans to respond to each possible contingency, Preparis recommends an “all hazards” approach to keep companies up and running during any emergency — regardless of whether the threat comes from the sky or the Web.