Security experts fear Sony attack to fuel more company extortion

Security experts fear Sony attack to fuel more company extortion

NEW YORK (Reuters) - Sony Pictures' decision to shelve the film "The Interview" in the face of cyber attacks has set a worrying precedent and is sending companies scrambling to guard sensitive data, security experts said on Thursday.

Sony's capitulation could mean that more businesses will be targeted for cyber warfare and extortion, they said.

"I fully expect to see more actions like this against film studios or other soft targets because they have not paid attention to cyber security for so long," said Jeffrey Carr, chief executive officer of Taia Global, a cyber security company.

"This has been the first time that extortion on this scale has been successful."

While there has been a surge of interest by companies over the past two years to shore up corporate defenses, in the wake of attacks on retailers including Target Corp, many companies are still not well defended, or soft targets. The crisis at Sony Corp's movie studio is prompting executives to think more broadly and to use data encryption software for internal data.

Sony on Wednesday dropped the comedy that features the assassination of North Korea's leader after hackers who breached its computers threatened a 9/11 type of attack on theaters. The $44 million movie was planned for release on Dec. 25.

Any organization wading into the political realm should map out a strategy, said Rob Sadowski of cyber security firm RSA.

"Geography no longer protects them and they need to be proactive and not reactive," he said.

The White House stopped short of blaming North Korea for the attack but U.S. government sources on Wednesday said the attack was "state sponsored" and that North Korea was involved.

Security software maker PKWare said it is seeing an uptick in companies worried about cyber attacks, said Matt Little, vice president of products.

"The folks we are talking to now say they don't have the budget of a bank or retail outlets but they are worried about a breach like this and someone doing much worse than what happened to Sony," he said.

The problem was broad enough to require a government response, said Art Gilliland, senior vice president of enterprise security products group at Hewlett-Packard Co.

"Success begets success," said Steve Ward, senior director at iSight Partners, a cyber threat intelligence firm. "You can think of it as a watershed event. It's one in a trend that has already occurred and one that is likely to occur."  

(Editing by Lisa Shumaker)