Lessons from the Sony PlayStation Network Hack

Sony's PlayStation Network was hacked about a week ago. Read on for a CIO’s checklist.

 


User IDs, passwords and possibly credit card information have been stolen by unknown persons.
How the network was breached, and which part of the infrastructure the hackers broke to get into the PlayStation Network, remains a mystery.

 

The company warns its users of possible identity theft and related scams.

 

Is there a lesson here for companies that store critical information? It is scary that a company like Sony, which has a large worldwide audience logging in to its network and would have taken considerable measures to safeguard that network, has been broken into.

 

Organisations would do well to remember basic tenets of security.
– Adopt a defence-in-depth policy
– Fortify perimeter devices like routers & firewalls
– Disable unnecessary ports/ services on servers
– On devices exposed to the outside world, keep all software updated; it is child’s play to exploit vulnerabilities in software
– Implement IDS and IPS
– Perform periodic penetration testing on perimeter servers & devices, e.g. web server, router
– Educate users on secure practices
– Implement end-point security

 

This is by no means an exhaustive list, just an indicative one. But most organisations would do well to tick off these points on their security to-do list.

 

Lastly, management support for security initiatives would go a long way in protecting business data more effectively and painlessly.