Sony's Lemonade Stand: What you can learn from their debacle

23rd December 2014

When life hands you lemons, make lemonade. That old expression is intended as an encouragement to find a way to make something good out of the bad things that come our way. Sony has a few lemons to deal with, not just a handful, but an orchard. While it is difficult to imagine that much good can come to Sony from this tear-inducing mess, Sony’s lemonade stand can certainly provide some much-needed good to other companies. No one wants to be a cautionary tale. But that is Sony’s current fate. As such, here are a few things you can learn from Sony’s security nightmare, which isn’t even close to being over:

Once Bitten, Twice Shy

Another useful expression Sony should have become familiar with is, once bitten, twice shy. The implication is that once you have fallen victim to some misfortune, you should be doubly cautious so that it cannot happen a second time. The current Sony data leak making its rounds through the media is courtesy of the second major breach of Sony’s security systems in recent years.

No one wants to blame the victim for crimes committed against them. So let me be very clear: The hackers responsible for this assault are criminals, not folk heroes. They should be prosecuted to the full extent of the law.

That said, Sony also has a fiduciary responsibility to its employees and partners to hold certain information secure. Sony did not do that. They didn’t even perform due diligence with regard to the security measures that every 14-year-old tech geek is familiar with. The list of basic measures they didn’t take is so long, it is hard to imagine what, if anything, they did do.

Sony’s password policy was so lax, they kept password files in plaintext in the same directory as password-protected files. It might have been better to just leave password-laden sticky notes all over the bezels of the computer monitors. Much has been made of the fact that they allowed simple passwords like “password123”. But that rather misses the point. Even complex passwords would have been useless because there was a file containing all the passwords that anyone could access, copy, and paste. Since password security is one of the most basic lessons, it is safe to say that Sony learned nothing from earlier breaches.

An Un-updated System Is Broken

If it ain’t broke, don’t fix it, is another common aphorism apparently used by the Sony security team as a strategy. Many average, non-security minded users of Windows and Android feel the exact same way about their unpatched, zombie-bot system. Unfortunately, the consequences are much worse for a giant, multinational corporation. 

One of the things we know about the Sony breach is that it was executed via a Windows vulnerability. Had the systems been fully patched and updated, this whole crisis might have been averted. Keeping systems updated and patched is the job of the IT department.

According to Firewall Technical: 

It does not take long for a business to fall behind on IT maintenance. If a business fails to keep up with things such as patches, backups, upgrades or security it can quickly result in numerous issues.

This is indicative of the kind of IT services Ottawa has to offer. Fellow Canadian companies Nortel and Blackberry could also give master-level courses on network and device security. As Sony is now learning, failure to take IT services seriously can also lead to loss of all sensitive data, and a costly lawsuit.

Measure Twice, Cut Once

An amateur carpenter creates a lot of unstable pieces because he didn’t take the time to measure carefully in the beginning. Clearly, Sony did not take the time to build security into its vast infrastructure from the beginning. The only way for them to fix their problems is to gut the whole works, and start completely from scratch.

The time to carefully measure your security needs is at the beginning. Attempting to bolt on security after the company has already grown too big will only lead to disaster. Enjoy your lemonade fresh from the Sony stand, and learn the lessons well. It is always better to drink someone else’s lemonade than to be the one squeezing the lemons.