The last year has been marked by headline-grabbing cybercrimes, including the theft of stunning amounts of personal information from Target,
A group that calls itself Guardians of Peace struck a devastating blow to Sony Pictures' network in late November, extracting copies of a huge number of internal documents and then erasing them from Sony's computers. It caused enough damage to shut down the network for days, forcing employees to revert to working on paper and whiteboards. Since then the hackers have leaked emails and other material online, revealing secrets about the company's salaries, business model and executives' deliberations. Unlike conventional industrial espionage, the point wasn't to give a company's secrets to its competitors. It was to make them public on a grand scale, embarrassing the victim and crippling its ability to do business.
The damage is ongoing, with the hackers leaking documents incrementally and reporters mining them for news. Regardless of whether you think the news media are amplifying the attack or just documenting it, one important lesson the coverage has conveyed is the need for companies to take better care of the sensitive information they've collected. It's not just banks and retailers that have to worry about the credit card numbers they have on file. Corporations have to assume they'll be targets, and never leave such things as passwords and Social Security numbers unencrypted.
Few, if any, companies could defend themselves successfully against assaults of the scale and destructiveness as that on Sony, which rivaled the Stuxnet attack on