Sony’s Security Nightmare is Not Unique
Sony Playstation is dealing with every consumer company’s worst nightmare right now: One day, you wake up, and someone has all of your 100 million customers’ data. And this isn’t just e-mail addresses; it’s names, birthdates, phone numbers, addresses, maybe even credit card numbers. And that “maybe” makes you look all the more foolish.
Each new revelation about the attacks on the company’s database of just seems to add to this nightmare. Despite shutting down for weeks, and implementing extra firewalls and additional layers of data encryption, the network went down again yesterday because of an extra-large loophole in the password reset function.
This series of attacks is going to cost Sony quite a pretty penny. Not only will it lose the fees and sales it would have earned while the network has been down, but it is also having to offer a pretty glitzy basket of goods to lure its customers back: free games, free movie rentals, and 30 to 60 days of free Playstation and music downloading services. All of this totals about $100 per user. That’s an astronomical figure, and it doesn’t even include the loss of sales to users who won’t return because they don’t trust the company with their data anymore.
Sony’s nightmarish month is illustrative of a principle that is unfortunately applicable to any kind of security: It’s often difficult to convince bottom-line-focused companies of the value of security until it’s too late. When all your assets are secure, the wisdom of shelling out for a quality security regime seems a bit dubious. But when trouble comes, it’s well worth the investment, as Sony is now learning the hard way. Better security measures would have saved the company a heck of a lot of money, as well as its reputation – something that can’t be bought back.
Posted by Laura Williams on May 19, 2011