Sony Breach Archives - John Sileo, Cyber Security Training

Sony Cyber Attack: A Case Study in Cyber Leadership Failure

Cyber Leadership Only Gets Attention AFTER THE ATTACK

I am the first to admit that protecting your company against cyber attacks and the resulting data breach is a daunting task. There are thousands of moving parts connecting your systems, people, customer/employee data and the Internet. Most companies that are breached (e.g., Target, Home Depot, Staples, Chase Bank) take more steps than the average business to protect their customer data. But just taking more steps isn’t always enough; you have to take the right steps.

The recent Sony “Interview” Cyber Attack, in contrast, shows a blatant disregard of basic cyber leadership principals, making it a perfect case study for what you should NOT do as an executive protecting the data on which your business runs. Let’s go back a step. Sony Corporation suffered a crippling cyber security attack (supposedly from North Korea at the hands of a group calling themselves the Guardians of Peace) because of the controversial nature of its movie, The Interview, which depicts the attempted assassination of it’s leader, Kim Jong-un. The consequences of the hack will number in the hundreds, the costs in the hundreds of millions.

Sony Data Breach Grows by 25 Million – $1 Billion Price Tag

Sony just admitted this week that their Sony Online Entertainment (SOE) division, which they though was not affected by the recent breach, has also been compromised. They believe that the hackers stole personal information from an additional 25 million users and that the breach included credit card information.

In an unrelated article, Mizuho Investors Securities analyst Nobuo Kurahashi estimated the cost of Sony’s recovery from the data breaches to be approximately $1.25 billion:

Kurahashi estimates that the data breach will cost Sony about Y100 billion, or $1.25 billion from lost business, various compensation costs and new investments–assuming that no additional security problems emerge. The cyber attacks on Sony in recent weeks involved the theft of personal data that include names, passwords and addresses from accounts on its PlayStation Network and Sony Online Entertainment gaming services. Sony has also said that more than 10 million credit-card numbers may have been compromised.

Sony PlayStation Network User Information Hacked

Sony Corp. on Tuesday admitted that hackers have obtained personal data and possibly credit card information of tens of millions of people who have registered for PlayStation Network, the company’s online game and movie service, as well as its Qriocity digital music service.

PlayStation is a fun game, data breach is not.

As of March 31st, the Sony PlayStation Network has about 77 million accounts. These accounts link users to the network to obtain downloads and access online movies through services like Netflix. While Sony states that not all of the 77 million accounts are active accounts and some individuals have multiple accounts, they are not denying that a breach of information occurred.

The company spokesman, Patrick Seybold, admitted that the hackers not only gained such information as names, addresses, phone numbers, user names, birth dates, email addresses and passwords of registrants; but they are unsure if credit card information was compromised as well. Update: Sony recently announced that an additional 25 million records were breached.