Some of Sony's issues may have stemmed from the massive scale and complexity of its IT infrastructure, which can become difficult to maintain and secure, said Jeremy MacBean, director of business development at solution provider IT Weapons in Toronto. Reducing complexity in the network architecture and turning off rarely used system components can increase security by reducing the attack surface that criminals can probe to find a way in, MacBean said.
"The fact that three years later this is still a blemish on [Sony] should give a clear signal to all business owners that protecting your customers' data is more important than ever," MacBean said. "Every business, large and small, is impacted by these issues."
Sony agreed to pay a $400,000 fine associated with the breach that was levied by the U.K. government last year. A report issued by the U.K. Information Commissioner's Office found that Sony failed to adequately protect passwords and ensure that appropriate technical measures were taken against unauthorized or unlawful processing of personal data stored on the network platform. The company also had been in a long-standing policy dispute with its insurer, Zurich Insurance Group, regarding the breach.
The Anonymous hacktivist group claimed responsibility for at least part of the Sony breach. A New York man, Xavier Monsegur, believed to have been the ringleader of LulzSec, an Anonymous offshoot, pled guilty to computer hacking conspiracies and other crimes. The FBI said Monsegur and three others formed LulzSec and hacked into PBS, Sony and video game company Bethesda Softworks.
An FBI memo obtained by Reuters last year detailed the impact of the Anonymous hacktivist collective and indicated their increasing risk to national security.
PUBLISHED JUNE 17, 2014