Hollywood studios are swiftly ramping up cyber security measures, hiring experts and warning employees to be careful with their private information in the wake of the hack attack that is continuing to cripple Sony Pictures Entertainment.
Last week’s assault, which shut down the studio’s computer and phone systems, has also resulted in the release of an ongoing stream of sensitive data, including executive salaries and employees’ personal information, sending a collective chill up the spine of Sony’s rivals.
“People are wigged out,” said an executive at one of Hollywood’s major film companies, who declined to be identified. “It is making people seriously question what they put in email.”
Many film companies, including The Weinstein Company, have hired security firms to protect themselves against groups like the self-proclaimed “Guardians of Peace, which has claimed responsibility for the SPE attacks.
“Everybody has” hired outside security firms, a senior Weinstein executive told TheWrap.
Last week, Sony hired security firm FireEye Inc. and its Mandiant forensics unit to lead the investigation of the breach. “The investigation continues into this very sophisticated cyberattack,” SPE said in a statement.
While confirming they were monitoring the Sony situation and assessing the safety of their computer and phone systems, none of the studios would speak in terms of specifics for fear of compromising their defenses.
Exactly who they’re battling isn’t clear either.
“Everyone is trying to figure it out,” one studio executive said, while begrudgingly acknowledging the seriousness of the threat. “The hackers are good.”
There has been some speculation that the attack on Sony may have ties to North Korea as a response to the studio’s upcoming Seth Rogen–James Franco film “The Interview,” which North Korean officials have been openly critical of. The comedy sees the duo sent in to assassinate North Korean leader Kim Jong-un.
Sony is purportedly working with various law enforcement agencies to see if there is a connection to the cyber attack and the film. While the film’s stars’ salaries have been released by the hackers, the film was not one of the five Sony films to show up on pirate sites; though it’s unclear if these pirated films are related to the attack.
A confidential flash warning the F.B.I. sent on Monday to corporate security administrators obtained by The New York Times purportedly warns them about a recently discovered “destructive” malware written in Korean.
The F.B.I.’s warning purportedly made no mention of Sony, and the behavior of this malware is not the same as what Sony experienced. This new malware purportedly puts the computer to sleep for two hours, reboots it and then directs it to start wiping all of its files.
With new threats looming and Sony still recovering from a cyber attack, new security measures may not be the only changes coming. The assault on Sony may change the way the industry communicates. SPE’s email system has been thoroughly compromised.
“We’ve all had a tendency to communicate via email and text,” said the studio executive. “Now, I better say it verbally.”