Sony Hacked Again: How Not to Do Network Security

Sony has been targeted once again by a hacking collective and more customer data has been breached.

Yes. As unbelievable as it may seem, Sony was hacked again. It is not (entirely) Sony's fault that it is the target du jour for hackers everywhere. But, it is Sony's fault that its networks and servers seem to be trivial to hack and easy to pwn.

The trials and tribulations of Sony's epic struggle against hacks and data breaches over the past month or so are well-documented. You can read all about the breach of Sony Ericsson Canada, or Sony BMG Greece, or the Sony Playstation Network, or any of the other network attacks against Sony all over the Web.

LulzSec, the hacker collective responsible for the Wikileaks hacktivism attack and fake Tupac resurrection story on the PBS site last week, made it clear that Sony was the next target on its radar. Now it has made good on that threat with a hack of the Sony Pictures network, and claims to have compromised the account details of a million users.

Now, I am of the opinion that there is no such thing as absolute security. Any network is vulnerable given an attacker with sufficient skills, resources, and time. So, it would be very easy for me to be sympathetic to Sony's plight--except Sony seems to ignore compliance requirements and basic security best practices, so it is basically begging to be attacked. Shame on you, Sony. Seriously.

Andrew Brandt, lead threat research analyst for Webroot, agrees. "Lulz Security says the information they stole was entirely unencrypted, and while we can't verify Lulz's statements, we can say that companies should take this as a warning to check their internal methods of storing their customers' confidential information and make sure they comply with industry standards such as PCI-DSS."

According to Randy Abrams, director of technical education for ESET, if Sony did, in fact, store passwords in plain-text as LulzSec claims, it is nothing short of blatant negligence.

Fred Touchette of AppRiver adds. "There is no doubt that Sony needs to spend some major effort in tightening up its network security. This latest hack against them was a series of simple SQL Injection attacks against its web servers. This simply should not have happened."

So, aside from not pissing off the hacker collectives of the world, what can other companies do to prevent becoming a poster child for network insecurity? The best advice is that following security best practices, and implementing stronger network and data security controls is best done before you're a victim of hacks like these, not after.

Tim 'TK' Keanini, CTO of nCircle, cautions organizations, though, against security 'silver bullets' or shortcuts. He likens improving network security to losing weight or improving physical fitness. "No matter how hard you work it's going to take more than a few days, even if you focus on nothing else. Great security is about more than technology. It has to be baked into business processes and into every employee's brains as they go about their everyday activities."

Be proactive about following security best practices and data security compliance requirements. Don't be a Sony.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securityhackerssonydata protectionnetwork securitydata breach

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?