3. INTRODUCTION
Sony Corporation is a Japanese
multinational conglomerate corporation
headquartered in Tokyo, Japan.
Its business is primarily focused on
electronics, game, entertainment and
financial service sectors.
One of the leading manufacturers of
electronic products for the consumer and
professional markets.
4. SONY - PLAYSTATION
The PlayStation is a series of video game consoles
developed with consoles in 5th, 6th, 7th and 8th
generation.
Consists of 3 core home consoles, media center, an
online service, a line of controllers, 2 handhelds and a
phone as well as magazines.
The first console in series, the PlayStation, shipped 100
million units in 9.5 years.
Other series of PlayStation are – PlayStation Portable
(PSP), PlayStation 2, PlayStation Vita.
The PlayStation Network is an online service with over
69 million users worldwide.
Comprises of virtual market and the PlayStation Store.
Social gaming networking service called PlayStation
5. PlayStation NETWORK OUTAGE
The PlayStation Network outage was a result
of an “external intrusion” on Sony’s
PlayStation Network and Qriocity services.
Personal details from approximately 77
million accounts were stolen and prevented
by PlayStation 3 and PSP consoles.
Attack occurred on 17th and 19th April, 2011
One of the largest security breaches in
history.
6. SECURITY AND CONTOL
WEAKNESSES AT SONY
Issues with Apache web server
software.
To save time and money, they did not
use encryption on individual files.
Lack of security
Careless and unwillingness to spend
resources on expensive security
measures.
7. WHAT PEOPLE,
ORGANIZATIONAL AND
TECHNOLOGICAL FACTORS
CONTRIBUTE TO THESE
PROBLEMS ?
Unwillingness to spend money
Lack of training
Non-existent procedures and outdated
software
8. SONY – NOT THE ONLY
CORPORATION TO FACE DATA
BREACH
Tricare, Nemours, Epsilon, WordPress, Sony, HB Gary, TripAdvisor,
Citigroup, NASA, Lockheed Martin and RSA Security are also victims
of data brech.
Company Name Number of Customers Date
Heatland Payment Systems 130 Million January 20, 2009
Sony Corporation 102 Million April 26, 2011 - June
04,2011
TJX Companies 94 Million January 17, 2007
TRW 90 Million June 1, 1984
Card Systems 40 Million June 9, 2005
US Dept. of Veterans Affairs 26 Million May 22, 2006
Bank of New York 12 Million Sep 6, 2008
9. IMPACT OF DATA
INFILTRATION ON THE
COMPANY
Company anticipated the cost of this data breach more than $ 170
Million plus associated legal cost.
On 24th January, 2013, The UK's Information Commissioner's Office
(ICO) announced that they'll be assessing a penalty of £250,000 on
Sony.
In the Canadian lawsuit against Sony USA, Canada and Japan
claimed damages up to Canadian $ 1 billion including free credit
monitoring and identity theft insurance.
It took Sony four weeks just to restore PlayStation service that too
partially!
Moreover, company’s loss of brand image and market value.
10. IMPACT OF DATA INFILTRATION
ON CUSTOMERS
Personal information of about 77 million users
were stolen.
Theft of credit card information of 12 million users.
Hence, customers lost their trust in the company,
which is huge loss for any company.
11. STEPS TAKEN BY SONY TO
MAKE A COME BACK
Company announced “Welcome Back” program,
which offered its current member a 30 days of
free membership.
Additionally, it offered free games and privacy
protections (“All Clear Id Plus”) at its own
expense.
12. SOLUTIONS TO PREVENT
THESE PROBLEMS
• Prevent the intentional or unintentional
disclosure of sensitive data at rest, in
use or in motion to unauthorized parties
• Maintain adequate security and provide
usability
• Protect customer data and brand
reputation
• Protect personally identifiable
information and intellectual property
13. Firewalls
Intrusion detection systems
Antivirus software
Encryption
TOOLS AND TECHNOLOGIES
14. TOOLS AND TECHNOLOGIES
Endpoint security: Restrict access to
local admin functions. Prevent malicious
software, viruses, spyware, etc
Host encryption: Ensure disks and data
are encrypted on all servers,
workstations, laptops and mobile devices
Upgrade software: Upgrade the software
to latest version.
15. TOOLS AND TECHNOLOGIES
Network monitoring: Log and monitor network
traffic to identifying and investigate
inappropriate sensitive data transfers
Access/usage monitoring: Monitor access
and usage of high-risk data to identify
potentially inappropriate usage
Export/save control: Restrict user abilities to
copy sensitive data into unapproved
containers (e.g., email, web browsers)