[BreachExchange] Top Sony exec has some advice for ransomware victims

Audrey McNeil audrey at riskbasedsecurity.com
Wed May 17 20:44:08 EDT 2017


If there's anyone who knows what it's like to weather a crippling
cyberattack, it's Michael Lynton.

Lynton helmed Sony Entertainment when it was the target of a massive hack
in December 2014. Hackers, who were linked to the North Korean government,
crashed the company's computer systems and leaked the studio's films and
emails containing sensitive information. Lynton said it left the studio in
crisis mode for "easily" five months.

"It was one of those instances where the company would've either fallen off
a cliff and not survived or ... pull it through, through collective
action," said Lynton at the Lerer Hippeau Ventures' annual CEO Summit in
New York on Wednesday.

It's a situation that more businesses will undoubtedly find themselves in.
Organizations around the globe are reeling from a large-scale global
cyberattack that hit last week. Researchers have found potential links to
the same North Korean hackers.

Lynton said the Sony hack was predated by a threat from North Korea urging
Sony not to produce The Interview, a comedy about trying to assassinate Kim
Jong-Un. At the time, Lynton says Sony took what it thought was the
necessary precautions. But quite simply, Lynton said they didn't know what
North Korea would possibly do when they moved forward with the movie's

Lynton, who announced he was stepping down as Sony's chief in January 2017,
shared some advice -- including one personal lesson he took from the hack.

"My email now comes down onto a hard disk every ten days," said Lynton, in
conversation with Lerer Hippeau Ventures managing partner Kenneth Lerer.
"To me, that's the solution. Put it in a drawer and lock the drawer."

Lynton said firms shouldn't have healthcare records, social security
numbers and other sensitive documents on their servers, which could
potentially be hacked. Should executives find themselves in scenarios like
his, they should remain "ridiculously optimistic."

"You have to come into work every day and say to everybody around you: We
are going to get through this," he said. "I made a concerted effort to keep
that optimistic look on my face when I came to work ... you don't want to
be Pollyannish but it was hugely helpful to do that."

Lynton, who is now chairman at Snap, said his job function at Sony
effectively, and rightfully, changed so that he was managing the crisis
full time. "You cannot, under any circumstances, give away any authority at
that point."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170517/e4774bdd/attachment.html>

More information about the BreachExchange mailing list