- Business Insider
Sony Entertainment CEO Michael Lynton received the first phone call while he was driving to work: The company’s email system was down.
It was the beginning of what has become known as the “Sony Hack,” a series of North Korean cyber attacks in December 2014 that shut down the company’s computer systems and revealed troves of employee personal information.
On stage today at Vanity Fair’s New Establishment Summit with assistant attorney general for national security in the Department of Justice, John Carlin, Lynton said that one of the the biggest lessons for him was the importance of knowing who to contact.
“It’s not like you can call the local policy department,” he said.
Luckily, he said, executive Nicole Seligman, had pre-existing relationships with government officials, and was able to elevate the situation within hours. Without that speed, the situation would’ve been even worse.
The hack was a catalyzing event for the Department of Justice in that way, too, Carlin said.
“Sony knew by name and by face someone in government that they’d already talked to,” Carlin says.
Every major company should have that connection with someone he advised, whether their local district attorney or regional FBI head. The responsibility falls with the government, too, he said, to reach out proactively.
“We need to be out there talking to you before an event,” he says.
That’s why, earlier today, the Department of Justice announced a new private sector outreach program, with the mission of making sure that companies have a better idea of what to do and who to call in an emergency security situation.
In Sony’s case, the FBI descended upon its headquarters within hours.
“About 20 agents showed up,” Lynton said. “They worked side-by-side with our folks.”
The other big lesson, Lynton says, has been knowing what information should actually live on company networks.
“There’s no wall high enough to keep a determined nation state out of your computer systems,” Carlin says. If they want to get in, they’ll get it.