Shame on Sony

The recent embarrassing security breach of the Sony Playstation network is a harsh lesson indeed. Depending on who you believe, this breach is costing Sony between $200M and $20B (yes, that is a B). There are even some who are speculating that it will take Sony so long to recover from this breach that the PlayStation Network and  brand maybe on life support for years to come. The damage to the brand and the cost to rebuild it is not even included in the above numbers. Knowing what you know today, would you go out and buy a PlayStation as either a gift or for your personal use?

The news became even more shocking when Sony announced that it was now recruiting for a CISO (Chief Information Security Officer). How can a worldwide company with billions in revenue and an even larger market cap not have a CISO? It boggles the mind.  By recruiting one now, it is a bit like ensuring that the gates are shut long after the horses have left the corral.

More importantly, this lack of security awareness also indicates that other data at Sony is probably at risk. There is no security infrastructure to ensure that governance, risk and compliance has taken place.  Sony’s products have probably not been evaluated in those terms and are no doubt susceptible to a ‘hack attack’.  Now that we have flat screens that hook up directly to the internet, now long will it be before we see an attack directly on a specific brand of TV’s.  Could a hacker monetize that attack – probably not – but it is well within the realm of possibility and it would be yet another nail in the coffin of the Sony brand.

It will take years and many billions of dollars for Sony to recover and who knows if the PlayStation ever will. Even though Sony has arranged for credit protection, Javelin research shows that once you receive such a letter, you are six times more likely to be the victim of ID theft than the average consumer. Hold on to your hats folks – this breach will have an impact on our ID Fraud Rate that will be felt for years to come.

Category: Fraud and Security

Tagged:      , , , , , ,

3 Responses

  1. Jeff says:

    Do you think this problem eminates from the game console being a stand alone, unconnected device suddenly being connected to the internet? Perhaps by the company trying to be too fast to join the connected market rather than thoughtfully thinking through the ramifications of connecting the device? Seems likely to me… The lack of thoroughness is going to cost them dearly.

  2. Aleia says:

    Just spoke with a gaming-industry rep who stated that he wouldn’t be surprised if Sony begins to offer prepaid game cards to its users as a PR/goodwill gesture…and also to lower the fraud risk of managing accounts linked to credit cards. What do you think? Is prepaid the way to go for large scale merchants who aren’t prepared to invest in comprehensive security measures?

  3. Phil Blank says:

    Aleia

    You are correct. They have already ‘comped’ come games to existing PlayStation users. I have spoken to some of these usere (Gen Y/Millenials) who think it is ‘cool’ to be getting free games. It will be interesting to see what happens when these folks find their credit has been compromised by this breach.

    I wonder if it will simply spur a new type of fraud. Instead of hacking for credit card numbers, they will be attempting to steal the game credits. Sony’s network has shown itself to be so porous that anything goes. In the past, I would have said that pre-paid would be a good step but in today’s world, that still leaves a lot of PII available for the taking.

Leave a Reply