May 13, 2011 |
The recent embarrassing security breach of the Sony Playstation network is a harsh lesson indeed. Depending on who you believe, this breach is costing Sony between $200M and $20B (yes, that is a B). There are even some who are speculating that it will take Sony so long to recover from this breach that the PlayStation Network and brand maybe on life support for years to come. The damage to the brand and the cost to rebuild it is not even included in the above numbers. Knowing what you know today, would you go out and buy a PlayStation as either a gift or for your personal use?
The news became even more shocking when Sony announced that it was now recruiting for a CISO (Chief Information Security Officer). How can a worldwide company with billions in revenue and an even larger market cap not have a CISO? It boggles the mind. By recruiting one now, it is a bit like ensuring that the gates are shut long after the horses have left the corral.
More importantly, this lack of security awareness also indicates that other data at Sony is probably at risk. There is no security infrastructure to ensure that governance, risk and compliance has taken place. Sony’s products have probably not been evaluated in those terms and are no doubt susceptible to a ‘hack attack’. Now that we have flat screens that hook up directly to the internet, now long will it be before we see an attack directly on a specific brand of TV’s. Could a hacker monetize that attack – probably not – but it is well within the realm of possibility and it would be yet another nail in the coffin of the Sony brand.
It will take years and many billions of dollars for Sony to recover and who knows if the PlayStation ever will. Even though Sony has arranged for credit protection, Javelin research shows that once you receive such a letter, you are six times more likely to be the victim of ID theft than the average consumer. Hold on to your hats folks – this breach will have an impact on our ID Fraud Rate that will be felt for years to come.