Sony’s PlayStation Network has been down for a week now and Sony has finally released a more detailed statement on their blog. The full statement can be found here; however, there are a few interesting points.
The PlayStation Network has been down since Wednesday the 20th of April. Initially this was due to ‘emergency maintenance’ but it quickly became clear that this was down to a hacking attempt against the network. With 77 million users the PlayStation Network is far from a niche collection of gamers. The network provides other services such as movie streaming by LoveFilm and it’s the core of Sony’s battle for your living room against the likes of Microsoft with their Xbox 360 and Apple with their Apple TV. The network also stores a wealth of data about its users including credit card details, usernames and passwords.
In their blog post Sony state: “(Sony) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened”. One of the questions we would have is why Sony weren’t employing a security firm to perform regular intrusion attempts against their network in order to pre-empt any possible flaws. Such services are well within the grasp of the likes of Sony.
While this breach – and the subsequent handling of it, which has been woeful – is bad news for Sony’s attempt to take over your living space, it’s not just them that have had issues. In the last few months both Play.com and TripAdvisor.com have reported data breaches.
So what can your company do to protect your data without having the budget of Sony (and Sony still weren’t safe!)? Well, regular security scans of your network, both internally and externally, are an affordable way of checking your systems against a constantly updated list of known flaws. You may not be able to fix them all but you can at least be made aware of the weak spots and work around them.
If you do find that there has been a breach then inform your users and visitors as soon as possible. You have a responsibility to them to ensure that they are able to decide on the best course of action as soon as possible. They may want to cancel credit cards; the password they used for your site may be the same as for all the other sites they use, so those would need changing pronto; the list goes on. Failing to tell your users, while saving you some embarrassment, does nothing to make things any more secure. Eventually people will find out, and they will judge you on how you handled the issue.
As ever, we’d love to know your comments so do post them here or get in touch with us on the phone or via Twitter (@g2support).