Between April and May 2011, Sony Computer Entertainment’s online gaming service, PlayStation Network, and its streaming media service, Qriocity -plus Sony Online Entertainment, the company’s in-house game developer and publisher -were hacked by LulzSec, a splinter group of Anonymous, the hacker collective.The online services were shut down between April 20 and May 15 as Sony attempted to secure the breach, which put the sensitive personal data for over 100 million customers at risk.The PlayStation Network suffered multiple kinds of attacks. One was a classic data breach -the release of otherwise secure information. The second was a distributed denial-of-service attack, or DDoS, that left the network inaccessible to gamers.It is suspected the …show more content…
While this method fixed the attack inthe short term, it did not help in the long-term as Sony got hacked again. In addition, employees are a big weakness. Most attacks are a result of spear-phishing campaigns, highly personalized emailsthat make the target more likely to click on the link, whichcould contain malware. There needs to be more trainingfor employees in the cybersecurity space. Employees need to realize that they are their own chief security officers and that most of the attacks that occur now exploit humans’psychological vulnerabilities.To prevent future attacks from happening again, Sony needs to take a more proactive approach. The company should utilize the Advanced Persistent Threat(APT)frameworkas the hacktivists most likely used APTto get into Sony’s systems. Sony had been hacked before by Anonymous and should have known it was a target for these hacktivists. It should also reorganizeits organizational structure so that there is more sharing in cybersecurity. In addition, employees need to be trained better so that they don’t fall for social engineering techniques. Lastly, security should be considered in every step of the design process so that Sony won’t be as vulnerable to attacks.2. Based on SEC guidance to make appropriate disclosures, list and prioritize what information Sony needs to include in its communication response.Sony should discuss the risk factors. The company should disclose
The Minneapolis based Target Corporation announced in December that criminals forced their way into the company’s computer system. The data breach compromised 40 million credit and debit card accounts of customers who shopped during the holiday season between November 27 and December 15, 2013. The data captured was far broader than originally imagined as hackers gained access to 70 million customer’s personal information including names, home addresses, telephone numbers, and email addresses. Additionally, expiration dates, debit-card PIN numbers, and the embedded code on the magnetic strip of the card were stolen.
Hacking into large companies or agencies to steal one’s card information has become simple. Lewis (2013) says that, “Hacking is incredibly easy; survey data consistently shows that 80 to 90 percent of successful breaches of corporate networks required only the most basic techniques“(p. 1). On November 27, 2013, Target’s security was breeched when forty million credit and debit cards were stolen. The breach lasted from November 27 to December 15, 2013.
The length of the hack is still unknown, though evidence suggests that the intrusion had been occurring for more than a year, prior to its discovery. The hacker’s involved claim to have taken over 100 terabytes of data from Sony. [11].
Equifax is a global information solutions company that uses trusted unique data, innovative analytics, technology and industry expertise to power organizations and individuals around the world by transforming knowledge into insights that help make more informed business and personal decisions.
Computer crime has been an issue since the beginning of computers. Wherever there is something good, there is always someone who takes advantage of it. This can be seen in cyber crime, which has been on the rise in recent years. According to the Los Angeles Times, the median cost of computer crime to a company per year has risen from $3.8 million dollars in 2010 to $5.9 million. (Rodriguez, 2011) This suggests that computer crime is becoming an even bigger hazard to companies. A recent example of this was the data breach committed against Target in 2013.
There is constant concern about different kinds of devices and tools because of their vulnerability: laptops; personal computers in the home; libraries and public workstations; USB Flash Drives and email, to name a few. These items are easily accessible for those attempting to breach security.... ... middle of paper ... ...
Staff, A. (2011). Lulz? Sony hackers deny responsibility for misuse of leaked data. Retrieved 11 17, 2013, from arstechnic.com: http://arstechnica.com/tech-policy/2011/06/lulz-sony-hackers-deny-responsibility-for-misuse-of-leaked-data/
Sony Corporation is a multination conglomerate corporation headquartered in Tokyo, Japan , and one of the world's largest media conglomerates with revenue of US$88.7 billion (as of 2008) based in Minato, Tokyo .
February-The now infamous DDoS attacks against websites like Yahoo, eBay, CNN, and eTrade took place, leaving the sites offline for hours.
As electronic commerce, online business-to-business operations, and global connectivity have become vital components of a successful business strategy, enterprises have adopted security processes and practices to protect information assets. But if you look at today's computing environments, system security is a horrible game of numbers: there are currently over 9,223 publicly released vulnerabilities covering known security holes in a massive range of applications from popular Operating Systems through to obscure and relatively unknown web applications. [01] Over 300 new vulnerabilities are being discovered and released each month. Most companies work diligently to maintain an efficient, effective security policy, implementing the latest products and services to prevent fraud, vandalism, sabotage, and denial of service attacks. But the fact is you have to patch every hole of your system, but an attacker need find only one to get into your environment. Whilst many organisations subscribe to major vendor's security alerts, these are just the tip of the security iceberg and even these are often ignored. For example, the patch for the Code Red worm was available some weeks before the worm was released. [02]
...earn from other companies who have been involved with the breaches on how to protect information. Training employees on HIPAA, policies and procedures would help mitigate risks to unauthorized access to information. Meeting the requirements set by HIPAA will protect the company, the employees, and the people private information within the company computer network.
attempt to force a network offline and unavailable to its intended users. This process is typically performed by flooding a network with communication requests until the server cannot respond to the traffic, thus making the server go offline and become available. This process is relatively simple to perform to the average person through online programs. Since it is so easy perform, it has become a rising issue simply because anyone has the ability to hack into various servers. One example in recent news of DDoS attacks comes from Riot Games, developer of the popular online multiplayer video game League of Legends. After a month of inconsistency with their server stability and frequent shut downs, Riot Games reported that within the l...
Implement physical security: - “Physical security protects people, data, equipment, systems, facilities and company assets” (Harris,
the risk of security incidents and breaches is reduced by encouraging employees to think and act in more security conscious ways;