Sony Battens Down the Hatches for PlayStation Network, Hiring CISO

Following a cyber attack that resulted in the personal information of more than 75 million PlayStation Network and Qriocity customers falling into the hands of hackers, Sony has shared some additional details on what it has done in response to bolster security and attempt to ease the minds of customers.

After the discovery of the attack, Sony shut off access to the PlayStation Network and Qriocity services while it conducted an extensive audit of its systems with the assistance of multiple information security firms in an attempt to determine the extent and details of the breach that occurred at the company’s data center located in San Diego, California.

Since then, the company has implemented a variety of new security measures to provide greater protection of its systems that store personal information. Some of the security measures Sony has implemented include the following:

• Added automated software monitoring and configuration management to help defend against new attacks

• Enhanced levels of data protection and encryption

• Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns

• Implementation of additional firewalls

• Expedited a planned move of the system to a new data center in a different location that has been under construction and development for several months.

• Implemented a forced system software update that will require all registered PlayStation Network users to change their account passwords before being able to sign into the service.

• As an added layer of security, that password can only be changed on the same PS3 in which that account was activated, or through validated email confirmation, a critical step to help further protect customer data.

In addition, Sony Network Entertainment International said it is creating the position of Chief Information Security Officer, who will report directly to Shinji Hasejima, Chief Information Officer of Sony Corporation, to bring expertise and accountability for customer data protection and supplement existing information security personnel.

This incident, combined with other recent data breaches such as the one at Epsilon, further emphasizes the fact that security needs to become more proactive, rather than reactive. With the PlayStation Network and Qriocity services storing the personal data of over 75 million customers, the division should have had a Chief Information Security Officer looking over the unit long before this event occurred.

Sony has also been heavily criticized over the length of time it took to identify the extent of the breach and make the appropriate adjustments. Industry experts criticized Sony’s information security practices, saying the entertainment giant should have had the capabilities to easily look through its logs to identify the sessions that took place when the data exposure occurred. Because the PlayStation Network stores credit card data, it must comply with PCI standards and have log management tools in place, but the company wasn’t able to make use of the collected data in a reasonable timeframe, critics say.

Industry vendors and experts say that Sony should have had the appropriate tools in place that would enable it to identify a breach almost immediately, allowing it to determine exactly what had been compromised (if anything) in short order.

“The Sony PlayStation Network breach reminds us of the importance of log management tools and that they are far more useful than just meeting checkbox compliance for PCI and other regulation,” said Joe Gottlieb, President and CEO of SenSage, a company that provides security intelligence solutions primarily based on log management data. “When organizations are proactive and use these tools to filter security events, they can find the patterns that lead to breaches like this one,” Gottlieb added. “Using log management allows organizations to understand, triage and put a boundary around the risks.”

Aside from a pure security perspective, Gottlieb believes log data and the appropriate tools to make sense of the data are important from a disclosure and PR perspective. “In the case of any breach, the more data that is being logged, the better – it can help the breached organization put a definitive boundary around the breach which in turn limits disclosure damages and costs and allows for more proactive handling of the ensuing PR challenges,” he said.

“There is lots of survey data out there that tells companies they need to be more proactive when it comes to securing their data. The recent Verizon Data Breach Investigations Report (DBIR) says that evidence of breaches are right in front of us – in our log files. Companies can be much more self-aware based on good log filtering and analysis. They have a pretty major weapon in the arsenal but aren’t being proactive enough to use it,” Gottlieb added.

As you would assume, many of these vendors are looking to sell their security solutions and are likely to be more vocal about what tools breach victims should have in place, but the bottom line is that a company that houses massive amounts of data containing the personal information of its customers should be better prepared to respond to such incidents. Letting users sit and wonder for almost a week is unacceptable.

Following the implementation of the increased security measures, Sony said it would shortly begin a phased restoration of PlayStation Network and Qriocity services, by region, beginning with gaming, music and video services. In addition, the company said it would be launching a customer appreciation program, offering registered consumers affected by the network downtime a selection of service options and premium content.

Sony said it is still conducting an ongoing investigation and that it’s working with law enforcement to track down and prosecute those responsible for the intrusion.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
