As we rely on technology more and more the vulnerability to hackers increases greatly. In our discussions last week about privacy and security breaches it is scary to think that no one is ever 100% safe from an attack. Since I work for a company that was the victim of one of the largest security breaches on record, this topic stings a bit for me. Since our attack, the culture and priorities at my company have completely changed to assure something like this never happens again. However, it seems as though every business is aware of this issue and are taking precautions to prevent attacks… but they keep happening.
In April 2011, Sony suffered a major breach of security where about 77 million of their customer’s information was compromised. Account info including, names, birth dates, addresses, log in info, and credit card information had been hacked into. The attack cost Sony an estimated $171. Since this was one of the most recent incidents, I was curious about what they were doing in response to this attack.
The article below outlines some of the measures that Sony is taking to increase security measures and ease the outraged customers that had their information stolen.
Their action plan consisted of offering PSN plus free for 30 days to all of their subscribers. Sony also will provide assistance to enroll in the ID theft protection program. I am not a PSN subscriber but I think this offering is a little weak. I don’t think that 1 month free PSN (a $5 value) would make me forget about the aggravation of having my information stolen. I think Sony could do better.
As far as beefing up security measures, Sony took the following steps:
· Appointed a Chief Information Security Officer.
· Enhanced encryption on consumer data
· Acquired automated tools designed to detect and defend against software intrusions
· Moved to a more secure data center
· Now require users to have forced password resets
I’m sure that these measures are an improvement from what Sony previously had. However, they don’t sound very different than the “improvements” that were being made 6 years ago when information security breaches really started to become a hot topic. It makes me feel like we are so far from having a handle on preventing these attacks.
Here are a few articles about the breach that I found interesting:
Here is a video clip of the Sony executives taking a bow of apology after the attack:
In this next article the head of Sony’s Network Entertainment Division talks about how this was learning experience. He states, “"I think for people running network businesses, it's not just about improving your security, because I've never talked to a security expert who said, 'As long you do the following three things you'll be fine, because hackers won't get you.' The question is how you build your life so you're able to cope with those things." That is a pretty powerful and scary statement. As we talked about in class last week, no one can ever be safe from a security attack. We can only establish layers of protection so that the hacker eventually gives up. 
No comments:
Post a Comment