News emerged earlier this week that Sony had thwarted another attempted hack on its systems; this time 93,000 accounts on the Sony PlayStation Network and Sony Entertainment Network were suspended after the company detected "a large amount of unauthorised sign-in attempts."
Sony stresses that no credit card details were at risk and that the affected accounts have had their passwords reset.
It’s the latest in a long and demoralising line of data breaches at the company – earlier this year it suffered what is considered to be one of the biggest hacks ever, with the details of up to 77 million users compromised.
Here’s what some industry experts have had to say about the latest incident.
Matt Mosley, senior product manager, NetIQ:
"The recent announcement of another attack against Sony PlayStation Network (PSN) accounts raises an important reminder for all of us: use complex passwords and don’t use them for more than one online service. If the same password is used, a breach at one service or company could leave you exposed across all the online services that you use.
"However, unlike several high profile breaches in the last two years, this one doesn’t appear to be Sony’s fault. Instead, it appears that the user information and passwords were stolen from another online database and then used to try and access PSN accounts. As a result, this attack is yet another example of the risk and vulnerability inherent in many online services today.
"As end users, we can better protect ourselves, our identities and our credit score by varying the combinations of user names and passwords for our online activities. Businesses also need to realise that there are real threats to customer information, and data needs to be segregated and encrypted, while multi-factor authentication is just one of the few steps organisations can take to minimise breaches."
Chris Harget, senior product marketing manager, ActivIdentity:
"The hackers were leveraging 'password reuse,' which apparently succeeded in giving them access to 93,000 Sony user accounts.
"The most recent Sony attack perfectly illustrates a danger to corporate networks, online banks, and ecommerce sites. Some users simplify managing multiple online identities by using common credentials across multiple accounts. The result is that if their Gmail or Hotmail or Facebook account is compromised, then their eTrade or Citibank or corporate network credentials could be compromised.
"ActivIdentity recommends requiring two-factor authentication and/or fraud detection to make password reuse impossible, and prohibit the majority of data breach techniques."
Mike Smart, product and solutions director, EMEA, SafeNet:
"The latest data security breach shows that the traditional approach of encrypting only critical financial data and business information no longer works. The recent rise in data security breaches targeting social data calls for a more comprehensive approach to information security which is centred around protecting data itself wherever it resides and at every stage of its lifecycle – from encrypting data when it is created, accessed, shared, stored, and moved.
"To ensure maximum security, organisations need to encrypt all data, including the information they exchange and store with external IT infrastructures, such as business partners, cloud providers and other third party organisations.
"This will significantly reduce the potential damage to the business and the customers in case of a security breach and will restore trust in consumer privacy."