Enterprises must learn from Sony's security mistakes

Davey Winder says every company needs to learn from Sony's security errors and adopt a holistic approach.

COMMENT You might have thought that a large enterprise such as Sony, having suffered a very high-profile and therefore highly embarrassing (not to mention brand-damaging) security breach earlier this year, would have done everything it could to ensure there could be no further shocks for its customers.

You would have been wrong though, if the news that Sony has locked down 93,000 online accounts is anything to go by.

It would appear that a number of unauthorised access attempts were registered earlier this week, over a three-day period, and that they succeeded as far as verifying valid sign-in information for more than 90,000 accounts belonging to Sony Entertainment Network, Sony Online Entertainment and PlayStation Network users.


Although the fact that Sony reacted reasonably quickly to the hack attempt, coupled with no credit card information being put at risk this time around, might sound like good news for the entertainment giant, I'm not convinced that's the case.

Sony is being pretty quick to assure anyone who will listen that the breach came about through the use of data lists obtained from compromised external sources, that is, from other companies and not Sony itself. It is being equally timely in stating that all the accounts concerned have been locked until a full investigation into the actual extent of the unauthorised access attempts has been completed.

Users will be asked to change passwords, although once again Sony is taking the opportunity to try and mitigate brand damage by pointing out that it was but a "small fraction" of the 93,000 accounts which had logged any kind of activity before being locked down.

What a shame that Sony hadn't taken the time, during the five or six months that have elapsed since the original data breach and the secondary one that followed soon after, to re-evaluate security holistically. If it had done that, then perhaps it would have understood that the old enterprise security paradigm of 'encrypting critical business data balances the risk equation' is no longer enough.

Hackers are no longer just interested in your financial information, credit card data and the like; they are interested in everything, because everything has a value. Increasingly this means an interest in what you might call 'social data' that you hold about your customers.

"To ensure maximum security, organisations need to encrypt all data, including the information they exchange and store with external IT infrastructures, such as business partners, cloud providers and other third party organisations," says Mike Smart from SafeNet. "This will significantly reduce the potential damage to the business and the customers in case of a security breach and will restore trust in consumer privacy."

Unless Sony, and indeed you for that matter, adopt a more holistic approach whereby data is encrypted at every stage of the lifecycle, this is not going to be the last time I write about trust-tarnishing, brand-damaging breaches such as this.
