Watch CBS News
MoneyWatch Tech

The Sony hack has security experts "pretty busy"

By Jonathan Berr

/ MoneyWatch

Ever since news of the massive data breach at Sony (SNE) became public last month, worried corporations have been contracting computer security companies eager to avoid the same fate.

Despite several high-profile hacking incidents this year, including at Home Depot (HD) and Target (TGT), computer security experts say many companies either have inadequate or nonexistent procedures on how to deal with network intruders.

As a result, criminals are able to linger for months or longer on the networks they've infiltrated without being detected. That appears to have been the case with Sony, which first discovered the attack in late November, when hackers claimed to have stolen more than 100 terabytes of data. To put this in perspective, the amount of data collected by the Library of Congress is 525 terabytes.

Home Depot data breach may affect more than 60 million customers 01:41

"Boards of directors are directly contacting us," said Tim Ryan, who overseas cyber-security issues for Kroll and held a similar job with the FBI. Ryan added: "We're pretty busy. They're looking for information as to the risks that are present in their companies."

Workers in understaffed departments can develop what Ryan described as "learned helplessness," explaining that "to preserve their sanity, they just stop trying." He likened the situation in corporate security to first responders expecting a 911 operator to both dispatch calls to police and fire departments and to provide assistance as well.

Derek Manky, who heads the research operation at security firm Fortnet (FTNT), echoed Ryan's views, noting that "With Sony, there is a change in tide."

Networks are vulnerable to attack when companies don't keep up with security patches or fail to adequately protect their data. Although the Sony hack is considered to be technically sophisticated, many attacks on corporate networks are surprisingly easy to pull off, according to security experts.

"It's like shooting fish in a barrel," said Manky. "The outside attack is still very easy to facilitate today."

The Sony hack stands out both for its volume and the variety of information that was stolen, ranging from Social Security numbers that could be valuable to identity thieves to embarrassing emails that have been fodder for the tabloids.

Obama promises to retaliate against North Korea for hack attack 03:05

North Korea, which has been blamed by the FBI for being behind the Sony hack, employs hackers through an offshoot of its Ministry of Defense in two separate organizations known as Unit 121 and Office 91, according to CSO.com. The country has targeted the U.S. and South Korea with cyber-attacks in the past.

"Office 91 is thought to be the headquarters of North Korea's hacking operation," the publication says, "although the bulk of the hacking and infiltration into networks is done from Unit 121, which operates out of North Korea and has satellite offices overseas, particularly in Chinese cities that are near the North Korean border."

Jonathan Berr

Jonathan Berr is an award-winning journalist and podcaster based in New Jersey whose main focus is on business and economic issues.

First published on December 22, 2014 / 9:58 AM EST

© 2014 CBS Interactive Inc. All Rights Reserved.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.