Sony PR crisis: yes, but if you’re in IT security sales, lucky you!

May 10, 2011

By Steve Gold (@stevewgold)

Psst—wanna buy 100 million names, addresses, user IDs, passwords, dates-of-birth and large quantities of debit and credit numbers?

You’ve got to hand it to Sony. If ever there was a lesson in how NOT to handle a data breach, Sony’s actions in recent weeks are a case in point.

First the PlayStation Network is hacked, so Sony shuts it down and waits a week before saying anything. Then it says the card database is encrypted, but The New York Times begs to differ.

Then the Sony Online Entertainment Network gets hacked. Allegedly. And a four-years-out-of-date file containing debit/credit details (and some more) is pinched along with a wealth of user credentials.

Four-years-out-of-date payment card details? The PCI Security Standards Council might have something to say about that.

You’d think by now that Sony might have bitten the bullet and offered affected users in multiple countries a 24×7 toll-free helpline and access to a year’s free credit monitoring.

But no. Sony has announced it has hired three different firms to investigate the double whammy of hacks which some news sources now say involves 77 million users of the PSN, two million accounts and about 23400 debit/credit card numbers, around half of whom are outside the US.

What the flip? Does Sony have a public relations department capable of crisis management?

As an editor once said to me in the late 1980s with a wide grin on his face: “My God Steve, that’s a good yarn.”

And it is a good yarn. It’s one that sales and marketing staff can wheel out when warning potential clients of the pitfalls of not installing multiple layers of IT security.

Until this week I would have smiled benignly at such sales tactics, but now I learn that LastPass, a cloud password service with 1.25 million members— including me—has started a master password change process for all its subscribers due to a data transfer anomaly. And then there’s the Epsilon data breach. And the list goes on.  Just because you are paranoid, doesn’t mean they aren’t out to get you, as my old NHS audit boss used to tell me.

I think we are at a crossroads of cybercriminals seriously targeting major corporates and throwing EVERYTHING at the system in the hope of breaking in.

I also think that sales professionals in the IT security industry have got it made—they are onto a winner. Sales bonuses all around.

Yes, I may be cynical, but boy! Those sales guys and girls have got it made. I may even join them…


One comment

  1. […]  It was as one would expect a well crafted email with detail about what happened, what they had done and of course something which Sony didn’t do a number to ring if you think you might be impacted by this data loss. See our comments in our recent story on the Sony incident here. […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: