Even before the epic attack on its systems at the hands of the Guardians of Peace, Sony Pictures Entertainment (SPE) was having to put out a not insignificant number of digital fires. That’s according to a leaked security audit in the files nabbed in November.
In a 25th September letter delivered to Jason Spaltro, senior vice
president of information security at Sony Pictures, it’s noted that
Sony’s Global Security Incident Response Team TISI +0.76%
(GSIRT), which monitors systems across the entirety of the electronics
business for threats, “escalated 193 security incidents to SPE Corporate
IT” between 1 September 2013 and 30 June 2014. One more was escalated –
IT speak for informing a department that they need to look into an
attack or other security issue – to Internet Systems Technology, a unit
within the IT department at Sony Pictures. An alert on one other
potentially serious issue was delivered to the Imageworks team.
GOP hacks Sony?
It’s impossible to say just how serious those incidents were. But
Sony has had various serious security issues this year outside of the
GOP attack. Sony was hacked earlier this year when contact information on
749 “individuals associated with theaters in Brazil” was stolen over the
SpiritWORLD network that Sony uses to shift media across the globe. VP
of legal compliance Courtney Schaberg said in an email
that Sony wouldn’t be disclosing the breach, even to those affected,
because of a lack of breach notification rules in Brazil, “the limited
data fields involved and… the fact that notifying would not likely have
much effect in terms of mitigating potential damages”.
It’s rarely a good idea to keep IT teams that are supposed to protect
a single business in siloes. It opens up gaps, as it did at Sony.
Though it’s positive Sony has a dedicated global incident response team,
it’s apparent the company was open to attack. And it’s now suffering as
a result.
0 comments:
Post a Comment