Lest we forget, North Korea allegedly hacked Sony pictures from inside the company last year. Reports suggest that the malware was physically uploaded into Sony's system after the hackers were allowed to enter company office space as guests. Sony subsequently lost two-thirds of its server to the worm, personal information about employees and their families was leaked, and Angelina Jolie learned what the producer of the Steve Jobs film really thought about her. Hackers then employed terrorist-type tactics, threatening to cause more damage if Sony's comedy "The Interview" was released in theaters.
The Justice Department's stance
Inspired by the severity of the breach, the U.S. Justice Department created a new office Oct. 6 dedicated to helping corporations recover from the damaging effects of a successful cyberattack, according to the Los Angeles Times. Details about actual implementation are still in the works due to budgetary constraints, but the new office could be a step toward greater government involvement in cyberattacks that affect U.S. or U.S.-based companies and the general public, especially as gray areas form regarding the nature of these attacks.
Cyberattacks launched against the U.S. government undoubtedly fall under the DOJ's umbrella. However, as John Carlin, assistant attorney general at the Justice Department for national security, told the LA Times, "a major rogue destructive act by a nation state against an entertainment company? We weren't thinking about that."
On the surface, the new initiative appears to generate forward momentum in the trench warfare taking place between hackers and enterprises. However, based on the few details that have been revealed thus far, proactive security event management does not appear to be the DOJ's end goal. For now at least, the office appears to offer support that is purely reactive.
Where SIEM services come in
Taking a proactive approach is a top priority for corporations big and small. Damage control is essential once a breach has occurred, but without preemptively employed managed security services, there's no way for a company to know that it has been hacked in the first place.
Companies that leverage SIEM services may be able to detect malware moving within the network before it can cause significant damage. The ability to proactively monitor events within the network can save millions of dollars, which in Sony's case was lost by having to pull "The Interview" before it hit theaters.
Of course, cyberattacks can have far more damaging results than having to miss James Franco and Seth Rogen as they clumsily attempt to assassinate Kim Jon-il on the big screen. Sony's misfortune is only one example among countless others of why managed SIEM is a godsend for corporations, but only if and when it's employed.
Cybersecurity news and analysis brought to you by Arctic Wolf, leading provider of security incident event management services.