The latest Sony Pictures hacking scandal holds some serious lessons for both company execs and CIOs. When breaches in network security of this magnitude occur, there are usually severe outcomes for employees and senior staff across the ranks.
Recent developments include former employees of the company filing a lawsuit against the media giant for allowing personal information, including salaries, home addresses, copies of identity documents, and health information, to end up in the public domain. Rumours also abound around the imminent sacking of Sony’s vice president. The hack is a clear example, among many in the past, of the damage a company can suffer when network security is compromised.
What network security lessons can we learn from the Sony hack?
Lesson 1: Don’t be complacent
It might be difficult to believe, but the complainants in the Sony lawsuit argue that the company failed to implement adequate security measures to prevent a breach of this magnitude from occurring. But even companies of Sony’s magnitude, reputation and capacity to throw megabucks at IT security can get caught with their pants around their ankles. It therefore stands to reason that complacency is the very first threat that IT execs should guard against.
Ask yourself if your security policy and protocols are equally matched to your environment’s demands, and ensure penetration testing is part of your security regimen. With the demand for around-the-clock access to company networks, loopholes abound. So, never be too confident about your environment’s penetrability, and foster a culture of security awareness that includes regular and vigorous vulnerability testing. If security is a delegated task, make sure you have regular sit-downs with your security expert and involve yourself in network security assessments.
Lesson 2: Use lessons from the past
More surprising is the fact that Sony’s PlayStation network suffered an equally serious breach in 2011. The hack resulted in gamers being left unable to access their online gaming profiles, and Sony having to compensate affected customers with free access to online content and other efforts to appease angered gamers. The cost in both financial and reputational terms was a hefty price to pay for the company. But it seems it failed to heed the lessons from the 2011 breach in light of the most recent one. How is it that the company allowed itself to get into this situation a second time?
The 2011 hack also resulted in Sony customers having their personal information exposed to hackers. The lesson here is that lightning can strike twice in the same place. Use breaches, big or small, as serious lessons around how secure your network really is and implement the changes needed, even if it means wrestling more money out of your CFO’s clenched fist.
Communicate not only network security risks but also their potential implications to top management, and remove the jargon from the message. Make it plain that the seriousness of network security breaches puts not only the company at risk, but people’s careers too. Which leads us to lesson number three.
Lesson 3: Understanding the implications of a network security breach
When people fully understand the wide-ranging effects a security breach holds for their organisation, it isn’t difficult for them to act, or spend. Sony’s stock took a serious plummet following both hacks, and the fact that the current vice president of the pictures division is uncertain about her job security shows that not even the higher-ups are safe from the consequences of network security breaches. Erring on the side of caution is a far better route when you are charged with the safekeeping of a business’ most valued asset – its data.
Are all your bases covered?
Security threats can come from anywhere, considering the myriad entry points on large networks today. The number of IT staff it would take to monitor every gateway, firewall and other security device around the clock makes it an impossible task. Placing that task in the hands of network monitoring software frees you and your staff from waiting for the next security threat. Network monitoring is not about reacting when the alarm sounds; instead, it is a proactive way of ensuring that your environment closes any loopholes in its security apparatus.
The best monitoring software enables staff to take preventative measures when security concerns are raised. IRIS is one such network monitoring solution that gives you and your IT team a 360 view of your environment, with detailed visualisations of the most complex networks. Our solution currently provides leading ISPs and large enterprises the tools they need to keep their environments safe, secure and optimised.