BEIJING—Faced with rising cybercrime like the attack on Sony Pictures Entertainment, companies worldwide are under pressure to tighten security but are hampered by cost and, for some, reluctance to believe they are in danger.
The Sony attack, which US officials blamed on North Korea, was unusual because it included threats of violence if the Hollywood studio released its movie The Interview, a comedy that depicts the assassination of the North’s leader. But it is just the highest-profile case in a growing flood of data breaches that have risen in sophistication over the past five years.
The growing skill of hackers has driven a shift in strategy for companies, which see they cannot be stopped and have switched to trying to limit losses, said Kwon Seok-chul, president of Cuvepia Inc., a security firm in Seoul.
He said his company has received a growing number of requests from financial institutions and other businesses alarmed by reports of break-ins, including last month’s Sony attack.
“There is no way to block hacking,” Kwon said. “They are consulting with us for new types of defense measures.”
US officials have told reporters they believe North Korea was connected to the Sony attack, though the evidence is only circumstantial.
The threats of violence prompted Sony to cancel the release of The Interview. The North Korean government earlier denied involvement but called the attack a “righteous deed.”
Other governments also have been implicated in commercial hacking. In May US authorities charged five officers from the Chinese military’s cyber warfare unit with hacking into American companies to steal trade secrets.
During last year’s Christmas shopping season, US department store chain Target Corp. disclosed it suffered a breach that exposed details of as many as 40 million credit- and debit-card accounts.
This month a virus was discovered in Japan that steals credit-card data from retail checkout systems. Police said more than 30 companies, government agencies and organizations have been targeted since 2009.
Too many companies, though, assume they are too small to be targeted, Chester Wisniewski said of Sophos, a London-based security firm.
“It is generally ignored,” Wisnewski said. “When it does happen, most people you talk to say, I’m not Target, or, I’m not Sony.”
Companies in developing countries face additional disadvantages.
In China widespread use of unauthorized copies of software downloaded from web sites run by pirates allows to insert malicious code to gain access to company networks, according to Wisniewski.
In countries, such as India, Thailand or Pakistan, even security-conscious companies may not be able to afford the most advanced software tools.
“Out of desperation, people get software wherever they can find it, but often that puts them in harm’s way,” said Wisniewski.
Chinese companies also face official pressure to stop using foreign information technology, which communist leaders see as a potential national security threat. In 2010 banks and other major companies were ordered to use domestic technology whenever possible in an apparent effort to support growth of China’s fledgling security industry.
Beijing this year said it would review all imported security products for potential security flaws following revelations by former National Security Agency contractor Edward Snowden that US technology companies cooperated with widespread government spying. In August the Chinese government said it would no longer buy foreign antivirus systems.
China is regarded as the biggest global source of computer hacking. Experts say that in addition to Chinese hackers, those from other countries can easily take control of a computer network in China and use it to launch an attack because many lack adequate security.
Image credits: AP/Richard Vogel