In-depth

Enterprises must learn from Sony's security mistakes

Davey Winder says every company needs to learn from Sony's security errors and adopt a holistic approach.

Sony

COMMENT You might have thought that a large enterprise such as Sony, having suffered a very high profile and therefore highly embarrassing (not to mention brand damaging) security breach earlier this year, would have done everything it could to ensure there could be no further shocks for its customers.

You would have been wrong though, if the news that Sony has locked down 93,000 online accounts is anything to go by.

It would appear that a number of unauthorised access attempts had been registered earlier this week, over a three day period, which succeeded as far as verifying the valid sign-in information for more than 90,000 accounts concerning Sony Entertainment Network, Sony Online Entertainment and PlayStation Network users.

What a shame that Sony hadn't taken the time during the five or six months that have elapsed since the original data breach... to re-evaluate security holistically.

Advertisement
Advertisement - Article continues below

Although the fact that Sony reacted reasonably quickly to the hack attempt might sound like good news for the entertainment giants, coupled with no credit card information being put at risk this time around, I'm not convinced that's the case.

Sony is being pretty quick to assure anyone who will listen that the breach came about from using data lists obtained from compromised external sources, as in other companies and not Sony itself. It is being equally timely in stating that all the accounts concerned have been locked until a full investigation into the actual extent of the unauthorised access attempts has been completed.

Users will be asked to change passwords, although once again Sony is taking the opportunity to try and mitigate brand damage by pointing out that it was but a "small fraction" of the 93,000 accounts which had logged any kind of activity before being locked down.

What a shame that Sony hadn't taken the time during the five or six months that have elapsed since the original data breach and the secondary one that followed soon after to re-evaluate security holistically. If it had done that then perhaps it would have understood that the old enterprise security paradigm of 'encrypting critical business data balances the risk equation' is no longer enough.

Hackers are no longer just interested in your financial information, credit card data and the like, they are interested in everything because everything has a value. Increasingly this means an interest in what you might call 'social data' that you hold about your customers.

"To ensure maximum security, organisations need to encrypt all data, including the information they exchange and store with external IT infrastructures, such as business partners, cloud providers and other third party organisations," says Mike Smart from SafeNet. "This will significantly reduce the potential damage to the business and the customers in case of a security breach and will restore trust in consumer privacy."

Unless Sony, and indeed you for that matter, adopt a more holistic approach whereby data is encrypted at every stage of the lifecycle then this is not going to be the last time I write about trust-tarnishing, brand-damaging breaches such as this.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/security/29204/how-can-you-protect-your-business-from-crypto-ransomware
Security

How can you protect your business from crypto-ransomware?

4 Nov 2019
Visit/security/ddos/28039/how-to-protect-against-a-ddos-attack
Security

How to protect against a DDoS attack

25 Oct 2019
Visit/back-up/29084/how-to-enhance-your-backup-strategy
backup

How to enhance your backup strategy

10 Oct 2019

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/business/business-strategy/354252/huawei-takes-the-us-trade-sanctions-into-its-own-hands
Business strategy

Huawei takes the US trade sanctions into its own hands

3 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/mobile/mobile-phones/354273/pablo-escobars-brother-launches-budget-foldable-phone
Mobile Phones

Pablo Escobar's brother launches budget foldable phone

4 Dec 2019