Sony's Jackson hack: a common security failing?

The reported theft of Michael Jackson’s 50,000-track back catalogue from Sony Music by two UK hackers illustrates several interesting points.

First, even organisations with valuable intellectual property stored in their computer systems are not yet automatically detecting hacker intrusions.

Only when Sony began to scour its IT systems after the massive security breach in April last year was the unrelated theft of the Jackson tracks discovered.

This raises the question as to how long it would have taken for the Jackson theft to have been discovered if the other breach had not occurred. Would it ever have been discovered?

The fact that a company like Sony did not have an effective intrusion detection capability at the time of the breach probably means that many others like it were, and still are, in a similar position.

Second, the theft illustrates that digital assets can now have an equal or greater value than physical assets. The problem is they are easier to steal and are often not nearly as well secured.

No company would fill a warehouse with $250m worth of goods without putting tight security around it, yet that is in effect what Sony did. They did not even have any form of burglar alarm.

Modern business organisations need to realise that as an increasing amount of intellectual property exists online, anything with street value will be considered fair game by criminals.

Ray Welsh, security expert at The Bunker, says organisations need to change their security culture to demonstrate their digital property is just as secure as their tangible assets.

“Criminals will always look for the opportunity that presents the least risk for the greatest reward, so the greatest protection is to be demonstrably more secure than rivals,” he says.

Third, companies need to consider the reputational damage that breaches can cause over and above the theft of intellectual property.

Being compromised in this manner would be embarrassing and lead to a loss of business for any company, says Welsh.

“However, for industries that specialise in selling digital information, the loss of consumer confidence could wipe them off the face of the map,” he says.

Because of its size, Sony appears to have survived last year’s series of breaches, but few companies would be able to match its resources.

All companies that have significant digital assets should follow Sony’s example and conduct a root and branch review of their defences before they suffer a potentially fatal breach.
