What’s that age-old saying? Fool me once, shame on you – fool me twice, shame on me? Well, in the case of Sony, what happens when you’re fooled more than twice?
According to recent revelations, at the time of the hack it appears as though there were only 11 people in Sony’s North American information security team; 11 people working to secure a company with over 7,000 employees.
Even more disturbing, the sensitive files on the Sony Pictures network weren’t password-protected or encrypted internally. This kind of public information now poses the great question: “Did Sony even understand their IT Security landscape?” What’s more, did they have a strategy around enterprise data security? Given that back in 2007, Sony’s Director of Information Security, Jason Spaltro, was quoted in an interview saying, “…it’s a valid business decision to accept the risk [of a security breach],” it is clear that no real investment was made in IT security, nor was there any real understanding of the importance of protecting sensitive information.
This breach, among others, is just another classic example of organizations undermining the value of data encryption. Going back to Spaltro’s 2007 interview, he also stated that he “…will not invest $10 million to avoid a possible $1 million loss.”
Experts are estimating that this hack is going to cost Sony a cool $100 million. Previous hacks have cost the company approximately $171 million. We’re not exactly mathematicians here, but it’s safe to say that these numbers just aren’t adding up.
For those organizations out there that have yet to truly understand the value of investing in security solutions, especially those that protect and encrypt their data, take a lesson out of Sony’s book and make the time to choose the right security strategy for your company.