View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 14, 2011

Sony’s latest data breach: expert reaction

CBR looks at what the experts have had to say on the latest data scare to hit electronics giant Sony

By Cbr Rolling Blog

News emerged earlier this week that Sony had thwarted another attempted hack on its systems; this time 93,000 accounts on the Sony PlayStation Network and Sony Entertainment Network were suspended after the company detected, "a large amount of unauthorised sign-in attempts."

Sony stresses that no credit card details were at risk and those affected accounts have had their passwords reset.

It’s the latest in a long and demoralising line of data breaches at the company – earlier this year it suffered what is considered to be one of the biggest hacks ever, with the details of up to 77 million users compromised.

Here’s what some industry experts have had to say about the latest incident.

Matt Mosley, senior product manager, NetIQ:
"The recent announcement of another attack against Sony PlayStation Network (PSN) accounts raise an important reminder for all of us: use complex passwords and don’t use them for more than one online service. If the same password is used, a breach at one service or company could leave you exposed across all the online services that you use.

"However, unlike several high profile breaches in the last two years, this one doesn’t appear to be Sony’s fault. Instead, it appears that the user information and passwords were stolen from another online database and then used to try and access PSN accounts. As a result, this attack is yet another example of the risk and vulnerability inherent in many online services today.

"As end users, we can better protect ourselves, our identities and our credit score by varying the combinations of user names and passwords for our online activities. Businesses also need to realise that there are real threats to customer information, and data needs to be segregated and encrypted while multi-factor authentication are just the few steps organisations can take to minimise breaches."

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Chris Harget, senior product marketing manager, ActivIdentity:
"The hackers were leveraging "password reuse," which apparently succeeded in giving them access to 93,000 Sony user accounts.

"The most recent Sony attack perfectly illustrates a danger to corporate networks, online banks, and ecommerce sites. Some users simplify managing multiple online identities by using common credentials across multiple accounts. The result is that if their Gmail or Hotmail or Facebook account is compromised, then their eTrade or Citibank or corporate network credentials could be compromised.

"ActivIdentity recommends requiring two-factor authentication and/or fraud detection to make password reuse impossible, and prohibit the majority of data breach techniques."

Mike Smart, product and solutions director, EMEA, SafeNet:
"The latest data security breach shows that the traditional approach of encrypting only critical financial data and business information no longer works. The recent rise in data security breaches targeting social data calls for a more comprehensive approach to information security which is centred around protecting data itself wherever it resides and at every stage of its lifecycle – from encrypting data when it is created, accessed, shared, stored, and moved.

"To ensure maximum security, organisations need to encrypt all data, including the information they exchange and store with external IT infrastructures, such as business partners, cloud providers and other third party organisations.

"This will significantly reduce the potential damage to the business and the customers in case of a security breach and will restore trust in consumer privacy."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.