Does Sony know what’s happening within its IT networks?

Hacking group LulzSecurity (LulzSec) has announced that it has breached Sony’s IT defences, gaining access to the passwords, addresses and other personal information provided by more than one million customers who registered on the media giant’s SonyPictures.com website.

This is the third high profile hack to hit Sony in the past two months, with the Sony Playstation Network (PSN) and Sony Online Entertainment (SOE) divisions already breached by hackers.

What’s interesting about this latest Sony attack is that it is the hacking group, rather than Sony itself, who has disclosed the breach. This raises the question: did SonyPictures.com even know that its network had been compromised? Perhaps it did know, but decided not to disclose it. Either way, it will be a major worry to consumers who have entrusted the company with their personal information.

Sony needs to take drastic and immediate action to step up its IT defences if it is ever going to restore consumer confidence in its services. At the moment, you can’t believe that anyone would happily hand over their password and date of birth to Sony for safe keeping.

Indeed, research has found that two thirds of UK customers would try to avoid future interactions with organisations which have lost confidential data, while 17 percent would never deal with them again.

High profile breaches are becoming more and more prevalent, and with hacking techniques becoming increasingly effective at bypassing perimeter IT defences, it is absolutely vital that every organisation has a safety net in place. By constantly monitoring the log data generated by every device and application on their networks, organisations can immediately spot unusual or suspicious behaviour that could signal that a hack is in progress.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Ross Brewer brings to over 22 years of sales and management experience in high tech and information security. Prior to joining LogRhythm, he was a senior executive at LogLogic where he served as vice president and managing director EMEA. Ross has held senior management and sales positions in Europe for systems and security management vendor NetIQ and security vendor PentaSafe (acquired by NetIQ). He was also responsible for launching Symantec’s New Zealand Operations.