I stumbled upon an infographic which shows a timeline of events regarding the recent hacking of Sony’s online networks. This is pretty much the nightmare of a lifetime. Repeated attacks throughout the world, clients’ personal information stolen (including credit card numbers), servers brought down, and a 25-day interruption of services. Here’s the highlight reel:
Hacking of Sony Playstation’s Network – Timeline
This was all brought about because the attackers were able to detect a common coding flaw called “SQL injection”. Sony has already spent $171 million as a result of the attacks, and according to Veracode, an IT security service, those costs could end up closer to $24 billion.
Here’s the kicker: for less than $10,000 Sony could have purchased a “static and dynamic scan” which could have detected their SQL injection flaws before the breach occurred and provided immediate remediation.
Now, for our legal clients out there, I’m not proposing you spend $10k on the scanner referenced above; rather, I think this serves as a good reason to ask yourself if you’ve made meaningful investments into your security. No matter how great your IT environment is, it only takes a few seconds for you to lose credibility with your clients. So be proactive, get in front of problems, and don’t judge IT security by revenue and profits; think about the long-term implications of not investing just a little bit more to keep things safe.