By James Brightman
PlayStation Network remains down, but the bigger problem Sony’s facing is that personal information was stolen from PSN users and the company took a week to inform its customers of the bad news. Sony says that its forensic “experts” didn’t learn of the stolen information until Monday, April 25, and that the company needed that time after learning of the breach on April 19.
That may not be the complete story, however, according to LogRhythm, a U.K.-based company specializing in log management and network security. “One of the most alarming aspects of this latest major breach is the time it has taken Sony to reveal the extent of the damage,” said Ross Brewer, vice president and managing director, international markets, LogRhythm.
“Sony will more than likely claim that the delay was due to attempts to protect customers while investigations continued; however, like many organisations today, the truth is more likely that adequate log management and forensic analysis was not employed. This kind of protective monitoring is now essential as traditional security products are failing to prevent initial intrusions – organisations require solutions that can analyse 100 per cent of logs, provide accurate correlation of events and a real insight into the root cause of incidents across IT networks.”
The company also pointed to a problem highlighted recently by U.K. security minister Baroness Neville-Jones when “she claimed that many organisations miss security threats because they do not know enough about their own systems to understand what normal functioning looks like.” That certainly sounds like it could be the case with Sony’s major PSN breach, if you ask us.
LogRhythm also suggested, based on a recent poll, that Sony may have a hard time attracting new PSN users because of this major fiasco. “An incident this size is sure to have significant repercussions for Sony. Relations with existing customers have been damaged and its ability to attract new ones reduced. Recent LogRhythm research found that 66 per cent of U.K. customers try to avoid future interactions with organisations found to have lost confidential data, while 17 per cent resolve never to deal with them again.”