The most painful stuff in the Sony cache is a doctor shopping for Ritalin. It’s an email about trying to get pregnant. It’s shit-talking coworkers behind their backs, and people’s credit card log-ins. It’s literally thousands of Social Security numbers laid bare. It’s even the harmless, mundane, trivial stuff that makes up any day’s email load that suddenly feels ugly and raw out in the open, a digital Babadook brought to life by a scorched earth cyberattack.
These are people who did nothing wrong. They didn’t click on phishing links, or use dumb passwords (or even if they did, they didn’t cause this). They just showed up. They sent the same banal workplace emails you send every day, some personal, some not, some thoughtful, some dumb. Even if they didn’t have the expectation of full privacy, at most they may have assumed that an IT creeper might flip through their inbox, or that it was being crunched in an NSA server somewhere. For better or worse, we’ve become inured to small, anonymous violations. What happened to Sony Pictures employees, though, is public. And it is total.
–The Sony hack reminds us everyone is vulnerable.
None of this stuff is going to get better until bad INFOSEC starts becoming prosecutable. In the same way you’re not allowed to house your staff in an unsafe building, you shouldn’t be allowed to host staff data on an unsafe network.
“But Alis, there’s no such thing as perfect security!”
No, there’s no. But you can damn well bet people are going to start trying a bit fucking harder when there are criminal penalties on the line…