Companies across the world are on high alert to tighten up their network security to avoid being the next firm brought to its knees by hackers like those who carried out the dramatic cyberattack against Sony Pictures Entertainment.

The hack could ultimately cost the studio hundreds of millions.

That the hack included terrorist threats and was focused on causing major corporate damage, rather than on stealing customer inform-ation for fraud, indicates that a whole new frontier has emerged.

“The Sony breach is a real wake-up call even after the year of mega-breaches we’ve seen,” said Lee Weiner, Boston security firm Rapid7’s senior vice-president of products and engineering.

“This is a completely different type of data stolen with the aim to harm the company.”

This should signal to all US businesses that they need to “take cyber-security as seriously as physical security of their employees or secur-ity of their physical facilities”, said Cynthia Larose, chairwoman of the privacy and security practice at Boston law firm Mintz Levin.

The Sony breach is a real wake-up call even after the year of mega breaches we’ve seen

The breach is particularly troub-ling in Hollywood, where secrecy is supposed to be paramount to ensure that movie secrets worth millions are not leaked.

“Movie studios have, by and large, behaved as high-security intellectual property purveyors; prints have been tightly controlled, screeners are watermarked, and bootleggers are prosecuted wherever possible,” said Seth Shapiro, a professor at the University of Southern California’s School of Cinematic Arts.

He said what made it so surprising was that e-mail leaks showed Sony executives apparently gave out passwords in unencrypted e-mails and made other security blunders.

“The apparent laxity of Sony IT security – given the history of prior hacks – is unprecedented in the history of media technology,” he said. Sony’s PlayStation network was hacked in 2011.

Studios are trying to tighten up procedures in the wake of the Sony attack. Warner Bros. executives have ordered a company-wide password reset and sent a five-point security checklist to employees advising them to purge their computers of any unnecessary data.

Even so, some say there is little that corporations can do to prevent such a sophisticated attack. The key may lie more in detection and limiting damage.

“There are very few companies that can withstand that kind of large assault,” said Rich Mogull, an analyst with security firm Securosis in Phoenix, Arizona. “But a lot of companies do need to improve what they’re doing on security.”

Companies also need to invest in identifying vulnerabilities on their networks and work quickly to address them.

Jonathan Sander, strategy and research officer at data security firm Stealthbits in Hawthorne, New Jersey, recommends a comprehensive review to ensure that outdated files, such as digital copies of old contracts and electronic conversations that occurred years ago, are no longer being stored on the corporate networks.

Some customers have been wondering if they should reduce their reliance on e-mail and switch to other digital forms of communic-ation, such as messaging systems that do not store the data.

Most importantly, companies need to focus on the ability to detect hacks quickly and limit them as fast as possible. Currently, the average amount of time it takes a company to detect a breach is 200 to 230 days, Rapid7’s Mr Weiner said, adding: “That allows the attacker time to gain a lot of knowledge.”

One example companies could follow is in the technology sector, where most firms have been tightening their security measures during the past 18 months in response to revelations about the digital spying tactics of the US government.

The government has maintained that it has never collected the kind of highly personal details stolen in the Sony Pictures breach. But tech companies being targeted by the NSA have since tried to thwart the surveillance by encrypting their internal e-mail systems as well as the free accounts available to the general public.

Both Google and Apple, the makers of the world’s leading software for mobile devices, are also automatically encrypting the data stored on smartphones so that the information is indecipherable to unauthorised users, including government authorities.

Tom Chapman, head of cyber-operations at EdgeWave Security in San Diego, California, said that in the past people were looking for a firewall or an individual product for protection.

“Now they’re realising there is a human element. They need to understand who might be after them.

“By better understanding your likely adversaries, you can better craft your defence,” the retired US Navy intelligence officer who specialised in hunting down hackers said.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.