Not So Entertaining

There is actually a silver lining in the brouhaha over the hacking of Sony. Forget about the right to free speech. That is only pertinent in some countries. The fact that the backlash to the intended release of The Interview was so swift should make people realize that every organization is vulnerable to having their IT security systems compromised. This hacking wasn't done by some smartass kid or by someone who is bitter about not being gainfully employed or by someone who can prove that he can get into a system. This was a foreign government that authorized the hacking and, thus, already had in place people who were trained to infiltrate systems. If Korea can hack into one company, it can get into the financial exchanges and the U.S. government websites and databases. The implications are horrendous.

Recently, Richard Beales wrote about the idea of having cyberinsurance for banks. It's an interesting idea, and there are insurance companies that offer some form of it. Right now, I would imagine that it's still hard to figure out the cost of premiums. A few years ago I reported the cost of a security breach by account at a health care organization. It was about $350 per account. Assuming that number is still accurate, what would cost in premiums to a company such as JPMorganChase, which was already hacked>What's the premium to pay some $29 billion? What would be for the defense department? For Social Security?

http://dealbook.nytimes.com/2014/12/23/the-need-for-bank-cyberinsurance/?module=BlogPost-Title&version=Blog%20Main&contentCollection=Breakingviews&action=Click&pgtype=Blogs&region=Body

There is another aspect to hacking for a company such as Sony. In addition to the usual security measures that every company has to take in order to protect HR and bank information, there is the constant battle to prevent people from distributing its content on the Internet. You may think that just because can't copy a DVD that it's not an issue, but it is. You see, content is shared for editing and approval and everyone who plays that content is vulnerable to having his or her computer or mobile device hacked. It's a managerial problem when content is leaked before a series' ending is shown on TV, and it's an insult to the unsung heroes who construct sets and design costumes. Piracy is not a victimless crime.

But back to insurance. Everyone complains about insurance companies, but they're not made up of greedy, evil people who just want to take your money and shell out nothing if there's a claim. I'm confident that as cyberinsurance becomes standard, companies will be able to reduce their premiums with the guidance of insurers. This would include upgrading firewalls and hiring people to do daily penetration testing. As for piracy of content, that's a matter, I think, of being able to trace paths and fingerprints.

Note: This image was taken from en.wikipedia.org.