Songy Hacking

I stumbled upon an infographic which shows a timeline of events regarding the recent hacking of Sony’s online networks. This is pretty much the nightmare of a lifetime: repeated attacks throughout the world, clients’ personal information stolen (including credit card numbers), servers brought down, and a 25-day interruption of services. Here’s the highlight reel:

Hacking of Sony Playstation’s Network – Timeline
 

This was all brought about because the attackers were able to detect a common coding flaw called “SQL injection”. Sony has already spent $171 million as a result of the attacks, and according to Veracode, an IT security service, those costs could end up closer to $24 billion.

Here’s the kicker: for less than $10,000 Sony could have purchased a “static and dynamic scan” which could have detected their SQL injection flaws before the breach occurred and provided immediate remediation.

Now, for our legal clients out there, I’m not proposing you spend $10k on the scanner referenced above. Rather, I think this serves as a good reason to ask yourself if you’ve made meaningful investments into your security. No matter how great your IT environment is, it only takes a few seconds for you to lose credibility with your clients. So be proactive, get in front of problems, and don’t judge IT security by revenue and profits; think about the long-term implications of not investing just a little bit more to keep things safe.


Comments
  • Anonymous

    Sony is the Microsoft of the electronics industry. It just makes its own standards (Blu-Ray, Memory Stick…) and then expects others to follow. Unlike Microsoft, however, they almost always fail because they don’t have the de facto monopoly that MS does.