According to Businessweek, Sony Pictures Entertainment was warned a year ago that cyber-criminals had breached security networks in 2013 and had been stealing information on a regular basis ever since. The source for that intrusion has not been identified, and it followed the 2011 breach of Sony's Playstation system, which exposed the personal data of 77 million users.
After the 2011 Playstation incident, Sony hired a third-party contractor to review its cyber-security practices. According to Businessweek, the contractor found that serious vulnerabilities remained in the company's security network despite efforts to patch the holes. The improvements that were made also only related to the Playstation sector of Sony's systems and didn't translate to protection for the rest of the company networks.
Sony has also been criticized for failing to conduct an audit in order to discover exactly how much content had been stolen in the Playstation breach. The data mined in the latest breach, which according to the FBI was perpetrated by the North Korean government, is said to provide not only access to all of Sony's sensitive information and communications but also a blueprint of the company's security measures. The organization will therefore have to rebuild its system almost from scratch in order to guarantee future security.
"Sony is unfortunate," said compliance-assessment professional Rick Dakin to Businessweek. "They are a two-time loser before they could right the ship. However, the wake-up call is for everyone else."
Meanwhile, the United States government is deciding on an appropriate response to North Korea's cyber-attack and subsequent threats.
If you own a business, ensure your customers' security by looking for holes in your system before you experience a problem. Upgrade your credit card pos software today so you won't have to deal with the aftermath of a breach tomorrow.