Biz like Sony need to beef up comms as well as security and processes

While many were still reeling from news that the personal details of 77m users of Sony’s PlayStation Network were stolen by hackers, the company has warned that 25m more users of another of its networks may also be at risk of fraud.


The company suspended the Sony Online Entertainment service two weeks after its PlayStation Network was hit by hackers.


The company previously said it did not believe users of the Sony Online Entertainment (SOE) service had been affected by the hack, but now says investigations have revealed SOE account information may have been stolen.


With over 100m user details potentially compromised, this is one of the biggest breaches to date and, coming after several similar breaches at TripAdvisor, Lush and Epsilon, it highlights the urgent need for providers of online services to do more to safeguard the personal details of users.


Hacks will always take place, says Rik Ferguson, director of security research at Trend Micro. As businesses improve their security, a hacker will always try to find a way round it but, he says, it would certainly be advisable for companies to communicate such breaches in a more effective manner.


Sony has been criticised for the time it took between detecting an intrusion, closing down the network and alerting users that their personal details had been compromised. The US House of Representatives has called on the company to explain the delay.


Given that hacks are always going to be a possibility, Ferguson says service providers should ensure they are able to communicate quickly and effectively with their customers.


The emails both TripAdvisor and issued to announce their breaches were not only vague, but also provided little advice on what a customer should do beyond, ‘ignore spam emails’, he says.


In the absence of any guarantees that email addresses will always be secure, Ferguson says users should opt for disposable email addresses for different websites.


“For example, Yahoo allows you to create a certain number of ‘disposable’ email addresses under one account so that they can be used for various online activities. You could have an email address for Amazon and another for eBay. That way, if one of those websites were breached, you would know which one and can simply delete the compromised email address,” he says.


The more active users are in making sure their emails and passwords are not all interlinked, the more likely they are to stop an online hack becoming much more than the pilfering of their email address, says Ferguson.


Sony et al, he says, should provide details about exactly what was breached and what is being done to ensure the same thing will not happen again.


“It is important for them and their customers to make sure measures are being put in place,” he says.


According to Ferguson, if recognisable targets like Sony, TripAdvisor and are more forthcoming with their advice and information on security breaches, and consumers become more proactive with how they manage their email accounts, the threat of serious attacks should be lessened.


“There is always the chance that someone can get hold of your information without you knowing, but as long as you take control and make sure you are as secure as you can be, and websites are ensuring they have the correct measures in place, there is certainly less to worry about,” he says.