Strike 1: The first incident occurred on April 26th, when SONY announced personal information had been compromised on their PlayStation Network exposing the personal information of 77 million users.
Strike 2: One week later, a second security breach occurred on a different SONY network compromising 24.6 million users.
Strike 3: A third incident took place with the leakage of 2500 users’ names and addresses. SONY admitted that this breach was due to human error on the part of their system management team.
In a recent study from Application Security and Unisphere Research, more than 50% of the respondents felt that human error (or malicious insiders) were the biggest risks to an organization’s security. Two-thirds of organizations experiencing a data breach in 2011 have reported it was either from human error or an insider attack.
Lessons learned continue to show:
- It is critical for organizations to be more proactive and implement ongoing processes. Reacting to breach incidents is much more expensive than preventing breaches.
- Organizations must conduct periodic routine checks on their systems AND their people AND their third-parties.
- Organizations who are unable to measure situational awareness at the individual level will continue to suffer expensive breaches. All individuals need to understand their individual roles and responsibilities for protecting sensitive and personal information.
- Once-a-year general training is not enough as the risks and threats to our information are constantly evolving.
Sony struck out this month…is your organization going to bat with situational awareness and accountability and ready to adapt to pitches coming your way?