In-depth

Enterprises must learn from Sony's security mistakes

Davey Winder says every company needs to learn from Sony's security errors and adopt a holistic approach.

Sony

COMMENT You might have thought that a large enterprise such as Sony, having suffered a very high profile and therefore highly embarrassing (not to mention brand damaging) security breach earlier this year, would have done everything it could to ensure there could be no further shocks for its customers.

You would have been wrong though, if the news that Sony has locked down 93,000 online accounts is anything to go by.

Advertisement - Article continues below

It would appear that a number of unauthorised access attempts had been registered earlier this week, over a three day period, which succeeded as far as verifying the valid sign-in information for more than 90,000 accounts concerning Sony Entertainment Network, Sony Online Entertainment and PlayStation Network users.

What a shame that Sony hadn't taken the time during the five or six months that have elapsed since the original data breach... to re-evaluate security holistically.

Although the fact that Sony reacted reasonably quickly to the hack attempt might sound like good news for the entertainment giants, coupled with no credit card information being put at risk this time around, I'm not convinced that's the case.

Sony is being pretty quick to assure anyone who will listen that the breach came about from using data lists obtained from compromised external sources, as in other companies and not Sony itself. It is being equally timely in stating that all the accounts concerned have been locked until a full investigation into the actual extent of the unauthorised access attempts has been completed.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Users will be asked to change passwords, although once again Sony is taking the opportunity to try and mitigate brand damage by pointing out that it was but a "small fraction" of the 93,000 accounts which had logged any kind of activity before being locked down.

What a shame that Sony hadn't taken the time during the five or six months that have elapsed since the original data breach and the secondary one that followed soon after to re-evaluate security holistically. If it had done that then perhaps it would have understood that the old enterprise security paradigm of 'encrypting critical business data balances the risk equation' is no longer enough.

Hackers are no longer just interested in your financial information, credit card data and the like, they are interested in everything because everything has a value. Increasingly this means an interest in what you might call 'social data' that you hold about your customers.

Advertisement - Article continues below

"To ensure maximum security, organisations need to encrypt all data, including the information they exchange and store with external IT infrastructures, such as business partners, cloud providers and other third party organisations," says Mike Smart from SafeNet. "This will significantly reduce the potential damage to the business and the customers in case of a security breach and will restore trust in consumer privacy."

Unless Sony, and indeed you for that matter, adopt a more holistic approach whereby data is encrypted at every stage of the lifecycle then this is not going to be the last time I write about trust-tarnishing, brand-damaging breaches such as this.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/security/ethical-hacking/356252/poorly-secured-banking-apps-lead-to-cyber-threats
ethical hacking

Mobile banking apps are exposing user data to attackers

26 Jun 2020

Most Popular

Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/cloud/356260/the-road-to-recovery
Sponsored

The road to recovery

30 Jun 2020