Wow. Sony really pissed somebody off. It seems like every day there is news of another Sony network falling victim to attack.
Just in the past couple of days one attack yielded 2,000 customer records, while another exposed 8,500 customer accounts. Of course, those are pocket change compared with the estimated 77 million accounts exposed by the hack of the Sony PlayStation Network.
What is the lesson here, though? Is it that Sony pissed off the wrong hackers and other companies should try to stay more low profile so they don’t invite a similar wrath? Or, is it that Sony should have better network and data security so that hackers can’t just waltz in and take sensitive data?
I am going to suggest it is somewhere in the middle. Obviously, it is best not to poke the proverbial hornets’ nest, but you can’t let the possibility of offending cyber criminals dictate how you conduct business. That said, it seems equally obvious that Sony’s network defense and data protection are trivial for hackers to circumvent.
I think there is some danger for other organizations in assuming that the problem stems purely from Sony making enemies of the hackers in question–as if, had Sony not done that, the data would be safe. Don’t assume that just because your network is not under siege like Sony, that it is impervious, or that your data couldn’t suffer a similar fate.
On the contrary, use this as a learning experience. To the extent you can–given whatever details Sony might reveal–assume that your network or data were under a similar attack and try to predict what would happen. Perhaps you can gain some valuable knowledge from the experience and put it to good use before your data gets exposed as well.