How to Ease the Aftermath of a Data Breach – a look at Sony

What’s that age-old saying? Fool me once, shame on you – fool me twice, shame on me? Well, in the case of Sony, what happens when you’re fooled more than twice?

According to recent revelations, at the time of the hack it appears as though there were only 11 people in Sony’s North American information security team; 11 people working to secure a company with over 7,000 employees.

Even more disturbing, the sensitive files on the Sony Pictures network weren’t password-protected or encrypted internally. Now that this is public, it raises the obvious question: “Did Sony even understand their IT Security landscape?” What’s more, did they have a strategy around enterprise data security? Given that back in 2007, Sony’s Director of Information Security, Jason Spaltro, was quoted in an interview saying, “…it’s a valid business decision to accept the risk [of a security breach],” it is clear that no real investment was made in IT security, nor was there any real understanding of the importance of protecting sensitive information.

This breach, among others, is just another classic example of organizations undermining the value of data encryption. Going back to Spaltro’s 2007 interview, he also stated that he “…will not invest $10 million to avoid a possible $1 million loss.”

Experts are estimating that this hack is going to cost Sony a cool $100 million. Previous hacks have cost the company approximately $171 million. We’re not exactly mathematicians here, but it’s safe to say that these numbers just aren’t adding up.

For those organizations out there that have yet to truly understand the value of investing in security solutions, especially those that protect and encrypt their data, take a lesson out of Sony’s book and make the time to choose the right security strategy for your company.
