Yes, the breach could have easily been prevented. Had Sony enabled fairly standard firewall technology and kept its systems up-to-date with the latest patches, most likely none of this would have happened.
Since most of us have enabled firewalls on our personal computers and are aware of the risks if we don’t, Sony’s mistake immediately smacks of foolishness. But setting up protection for a network of 100 million users is a little different than protecting the Mac in your living room.
Sony’s breach is a valuable lesson for many organizations considering a transition to the cloud. Already the media is reporting that businesses are rethinking it. And that’s a good thing.
Any transition from one kind of data system to another needs serious thought. That’s the Sony lesson: Migrating data from a traditional system to a new technology must be done very carefully. Shifting from classical to cloud isn’t as easy as the snappy alliteration makes it seem.
Whatever move your data is making, you must ensure all relevant security measures are enabled. If the servers are connected to the Internet, then yes, Sir Howard Stringer, you need a firewall. But even if they aren’t, you need to ask questions such as: What information is guarded? How is it guarded? What is the scalability, and how can it be exploited? How do we know that someone is after our data?
The second lesson we can learn here is the rule of maximum leverage. Leverage all security elements to maximum potential. Businesses of all sizes have a patch management policy, most likely executed by an inside professional security team. It would have been to Sony’s benefit to have such a functioning policy in place, and, with 100 million users, to make sure it’s as rigorous as possible, with tight control on its execution.
We often use words like “robust,” “comprehensive,” and “strong” to describe security programs. Nice as that may sound, security isn’t only about the strength of a system, but about the mindset of the people working it. Have they asked all the questions? Have they covered all their bases? Whenever data is transitioned, someone needs to know enough to ask the right questions. The human element is the most important security element. It is human creativity that pushes technology to its maximum functionality. Security needs a vision and a strong ruler fully supported by executive management. After all, someone has to flip that firewall switch.