The recent hackings of computer systems at Sony Pictures (the movie division) and Sony Computer Entertainment (the PlayStation division) are not new problems for the company. Specifically, in April, 2011, that same Sony Computer Entertainment division had the same problem as recently; its online gaming service called the PlayStation Network was seriously hacked. The service was shut down for almost a month and the personal data of tens of millions of customers was put at risk.
In 2011, the CEO of the Computer Entertainment division announced that in response, they planned to take a number of steps to prevent future breaches, such as enhanced levels of encryption, enhanced ability to detect software intrusions, added firewalls, the building of a new data center with increased security, and also naming a new Information Security Officer.
Negligible progress since 2011
The two Sony hacking incidents of the past month suggests that Sony as a company has made negligible progress since that very serious 2011 incident. The recent PlayStation outage lasted for days and made it clear that not only were they vulnerable, their weak internal resources caused them to struggle to get the problem under control.
The Sony Pictures hack is proving to be very embarrassing. It is becoming clear that the company was very vulnerable due to pure sloppiness. For example, as noted in Fortune Magazine, it appears that they were operating without adequate protection against phishing attacks and remote-access Trojans and had weak password management policies (e.g., computer passwords were compiled in a document invitingly called “passwords”). Also, there was a lack of proper use of encryption and backup procedures were inadequate.
Given the serious hack to the PlayStation division in 2011, you would have thought that all of Sony’s division would have been sensitized to the seriousness of cyber warfare. As noted in Fortune, a major factor that prevented Sony from using the lessons of 2011 was organizational structure. It is well known that the divisions of Sony operate as independent fiefdoms; they pretty much do as they please. Sony corporate seems powerless in regard to broadly implementing practices across divisions, or even within a particular division.
Be a tough dictator
Stepping back, what you are reminded of here is that on certain topics, the leader, or CEO in the case of Sony, needs to demand, with the threat of termination, that certain practices and security procedures must be implemented. Areas such a cyber-security, accounting practices, legal guidelines, and personnel policies should not be negotiable and should be implemented corporately, with individual divisions having no option but to cooperate. Yes, at times the leader needs to be a tough dictator. The risks are just too big.
Tweak Your Biz is a thought leader global publication and online business community. Today, it is part of the Small Biz Trends stable of websites and receives over 300,000 unique views per month. Would you like to write for us?
An outstanding title can increase tweets, Facebook Likes, and visitor traffic by 50% or more. Generate great titles for your articles and blog posts with the Tweak Your Biz Title Generator.