
Corporate America, you've been hacked. Now what?

John Shinal
Special for USA TODAY
Pedestrians walk past Sony Pictures Studios in Los Angeles, California on December 4, 2014, a day after Sony Pictures denounced a "brazen" cyber attack it said netted a "large amount" of confidential information, including movies as well as personnel and business files, but downplaying a report that North Korea was behind the attack, saying it did not yet know the full extent of the "malicious" security breach.

SAN FRANCISCO -- I don't know who hacked the corporate computer network of Sony Pictures Entertainment.

I'm guessing at some point in the recent past someone at the studio, in the course of doing business, really ticked somebody else off.

And that certain somebody else had the resources to hire technical people capable of developing a cyber-attack so sophisticated that it went beyond merely paralyzing the movie company's operations.

It also essentially turned internal documents into an online reputation self-destruction machine, with details leaking out of distasteful behavior among the emails of certain movie producers.

Whether the culprit was Korean leader Kim Jong Un (the subject of an unflattering, soon-to-be-released SPE picture, The Interview) or Angelina Jolie (the subject of unflattering, just-released emails from at least one SPE producer) or someone else, I just don't know.

What I am pretty sure of is this devastating, corporate-Armageddon-like hack -- the cost of which could prove huge for the company's shareholders -- won't be the last.

"There are two kinds of organizations: Those who've been hacked and know it and those who've been hacked and don't know it," says Chad Fulgham, former chief information officer of the FBI.

Fulgham last month became chief strategy officer for Tanium, a private security-software firm that's taking an innovative approach to protecting Internet-based networks:

Rather than put most resources into developing a hypothetically-impregnable firewall separating a corporate network from the Internet, Tanium has focused instead on developing a good counter-attack.

"People need to say, 'OK, we're connected to the Internet, we're gonna get hacked,'" Fulgham said in a phone interview.

The Sony hack, along with all the other cyber attacks we know about, suggests that's true.

It also echoes what Tanium Chief Technology Officer Orion Hindawi told me back in August -- that corporate hacks are no longer harmless pranks executed by amateurs. He spoke of attacks sponsored by "commercial syndicates… and nation-states."

http://www.usatoday.com/story/tech/columnist/shinal/2014/08/17/security-software-is-vital-in-future-of-work/14133483/

The importance of that statement to corporate America should be obvious now that Sony's own network has been thoroughly penetrated and turned against it.

So what can corporate America do?

For starters, start appointing more people with computer training to corporate boards, according to Fulgham, who ran the FBI's information systems for three years.

"Directors don't ask the right questions because they don't have the technical training," he says.

The most important question board members should be asking of their own chief information security officers these days is "What do we do?" after cyber-attackers get behind a firewall, he says.

The founding team at Tanium previously founded a security-software company called BigFix.

In 2009, while Fulgham was at the FBI, the agency bought BigFix's security software.

In 2010, computing-giant IBM bought the whole company for $400 million.

Now, Fulgham spends his time selling corporate executives and directors on the benefits of Tanium's approach.

The technology represents a shift as important as the one "from propellers to jet aircraft," he says, because the software can send a so-called security patch to every device on a wide-area network within 15 minutes of a detected attack.

As the Sony hack continues to prove, when it comes to sophisticated attacks, every minute counts.

John Shinal has covered tech and financial markets for more than 15 years at Bloomberg, BusinessWeek, The San Francisco Chronicle, Dow Jones MarketWatch, Wall Street Journal Digital Network and others. Follow him on Twitter: @johnshinal.
