Guiding Quote

“Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning.” Einstein

Saturday, December 20, 2014

Sony hack and Risk Management.


The hacking of Sony Pictures' computer systems is only the latest in a long series of hacking attacks on commercial and government systems. This one became “big” news because it resulted in the release of derogatory comments about celebrities and culminated in the withdrawal of a movie because of threats to cinema chains.
What has been overlooked in all of the public furore about who the hackers actually were, who slagged who off, and the cancellation of the film’s launch, is the reported poor state of Sony’s computer systems security. Some 3 years ago hackers gained access to the accounts of 77 million paying users of their PlayStation network. Improvements were promised. This year both their German and Brazilian networks have been penetrated. Also they allegedly stored all their key passwords in a file called, wait for it, “Passwords” - ‘oh deary me’ as my grandmother would have said - talk about making the hackers' job easy! Computer security would appear to have been a low priority for someone at Sony.

Bad enough that sophisticated hackers should attack your system without you aiding and abetting their efforts with poor security.

The alarming fact is that Sony are probably no better or worse than most large companies. The lack of basic encryption, poor password standards, and lack of effective system monitoring are commonplace. Any decent risk plan should address hacking and have detailed actions for how the system is to be protected.

I would not be surprised if somewhere in all of these corporations there are reports that show that these problems exist and also Potemkin spreadsheets that also show that there is no problem. No prizes for guessing which documents the Board has been seeing!


