Sony Pictures was the victim of an unprecedented cyberattack on Nov. 24, when a group identifying themselves as “Guardians of Peace” took control of the Hollywood studio’s computers and made off with around 100 Terabytes (that’s 100,000 GB) of sensitive documents, videos, and financial information. Among the items stolen were DVD screeners of five upcoming movies which have since been pirated on the Internet, several unproduced scripts, salary information for top executives, and the Social Security numbers of 3,800 employees.
With each new revelation from the case, Sony, now working with the FBI, has a new PR disaster to contend with, and the damage may have only just begun. “[Catching the culprits] is a six-month ordeal at minimum, and you’re looking at tens of millions of dollars in losses, and that’s not including the damage to your brand and possible lawsuits,” Joe Loomis, CEO of online security firm CyberSponse said in an interview with Variety.
The Employee Connection
Many speculated that North Korea was behind the attack, as retaliation over Sony’s upcoming Seth Rogen/James Franco comedy The Interview, a satire of North Korean politics that the country recently equated to “an act of war,” but those close to the studio aren’t completely sold on that theory yet, claiming that the ease in which the crime was executed was a hallmark sign of an inside job.
“If terabytes of data left the Sony networks, their network detection systems would have noticed easily,” says Hemanshu Nigam, CEO of SSP Blue, an L.A.-based online-security consulting firm, commenting on the situation for the Hollywood Reporter. He continues:
“To me, it looks like a combination of hackers on the outside working with somebody on the inside. The personnel attacks that are happening (with the release of Sony Pictures’ internal data)… all suggest that someone internally has a vendetta against the company or is a disgruntled employee.”
The nature of the leaked documents support this theory, such as embarrassing salary data and layoff reports, and most notably a trove of employee feedback revealing much unhappiness among Sony Pictures staff. Here are a few choice comments culled by Gawker (emphasis ours):
“Stop making the same, safe, soul-less movies and TV shows. Enough with the re-makes and reboots.”
“We do not seem to be doing new or original ideas anymore unless they come from term deal players. Remakes, sequels, and movies which are better off being E True Hollywood stories, should be left by the side of the road. Our development execs should focus on new fresh material, and not be permitted to simply remake another money.”
“Moving a major work force to foreign countries is taking job opportunities away from lots of employees at Sony Pictures Imageworks. Families are separated, people are forced to leave the country, and workers don’t have any hopes in their future with the company any more.It is sad to see that the company doesn’t care about us at all.”
Proceed With Caution
Whether it was the work of a disgruntled employee or a disgruntled employee working with North Korean saboteurs, the Sony hack should serve as a cautionary tale about the perils of putting profits before people, and the ensuing fallout should remind us of the real destructive power that even a single disengaged employee can have on an organization.
When employees feel like their employer doesn’t care about them anymore and the ship is sinking, they will abandon the ship and place their loyalties elsewhere. Personally engaging them as individuals, taking an interest in their careers and dreams, and backing it up with good work/life balance and benefits are not just nice ideas; they are reliable methods for keeping employees connected and on your side.
Or, you could always hire George Clooney as a security expert.