Sony Hacked Again: How Not to Do Network Security

Sony has been targeted once again by a hacking collective and more customer data has been breached.

Yes. As unbelievable as it may seem, Sony was hacked again. It is not (entirely) Sony's fault that it is the target du jour for hackers everywhere. But, it is Sony's fault that its networks and servers seem to be trivial to hack and easy to pwn.

The trials and tribulations of Sony's epic struggle against hacks and data breaches over the past month or so are well-documented. You can read all about the breach of Sony Ericsson Canada, or Sony BMG Greece, or the Sony Playstation Network, or any of the other network attacks against Sony all over the Web.

LulzSec, the hacker collective responsible for the Wikileaks hacktivism attack and fake Tupac resurrection story on the PBS site last week, made it clear that Sony was the next target on its radar. Now it has made good on that threat with a hack of the Sony Pictures network, and claims to have compromised the account details of a million users.

Now, I am of the opinion that there is no such thing as absolute security. Any network is vulnerable given an attacker with sufficient skills, resources, and time. So, it would be very easy for me to be sympathetic to Sony's plight--except Sony seems to ignore compliance requirements and basic security best practices, so it is basically begging to be attacked. Shame on you, Sony. Seriously.

Andrew Brandt, lead threat research analyst for Webroot, agrees. "Lulz Security says the information they stole was entirely unencrypted, and while we can't verify Lulz's statements, we can say that companies should take this as a warning to check their internal methods of storing their customers' confidential information and make sure they comply with industry standards such as PCI-DSS."

According to Randy Abrams, director of technical education for ESET, if Sony did, in fact, store passwords in plain-text as LulzSec claims, it is nothing short of blatant negligence.

Fred Touchette of AppRiver adds. "There is no doubt that Sony needs to spend some major effort in tightening up its network security. This latest hack against them was a series of simple SQL Injection attacks against its web servers. This simply should not have happened."

So, aside from not pissing off the hacker collectives of the world, what can other companies do to prevent becoming a poster child for network insecurity? The best advice is that following security best practices, and implementing stronger network and data security controls is best done before you're a victim of hacks like these, not after.

Tim 'TK' Keanini, CTO of nCircle, cautions organizations, though, against security 'silver bullets' or shortcuts. He likens improving network security to losing weight or improving physical fitness. "No matter how hard you work it's going to take more than a few days, even if you focus on nothing else. Great security is about more than technology. It has to be baked into business processes and into every employee's brains as they go about their everyday activities."

Be proactive about following security best practices and data security compliance requirements. Don't be a Sony.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags network securityhackerssecuritydata breachsonydata protection

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?