Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

PlayStation Network Comes Online, Hunt for CISO Continues

Over the weekend Sony began a phased restoration by region of PlayStation Network and Qriocity Services, but the company’s work is not done just yet.

Following cyber attack on its data center in San Diego, California, Sony shut down the PlayStation Network and Qriocity services on April 20, to conduct an investigation and make enhancements to its security. Since then, the company has been working with several outside security firms, and says it has implemented new and additional security measures that strengthen safeguards against unauthorized activity.

Over the weekend Sony began a phased restoration by region of PlayStation Network and Qriocity Services, but the company’s work is not done just yet.

Following cyber attack on its data center in San Diego, California, Sony shut down the PlayStation Network and Qriocity services on April 20, to conduct an investigation and make enhancements to its security. Since then, the company has been working with several outside security firms, and says it has implemented new and additional security measures that strengthen safeguards against unauthorized activity.

Sony says it has made considerable enhancements to its data security, including updating and adding advanced security technologies, additional software monitoring and penetration and vulnerability testing, and increased levels of encryption and additional firewalls. The company also said it also added a variety of other measures to the network infrastructure including an early-warning system for unusual activity patterns that could signal an attempt to compromise the network.

“Today’s cyber crime attacks are proving to be more covert, more targeted and better organized than those we’ve seen in years past. In working with Sony on the move of their data-center, it’s clear they’re implementing measures to reduce security risks moving forward,” said Francis deSouza, Senior Vice President, Enterprise Security Group, Symantec.

But the company seems to have much more work to do in other areas. According to a report from Reuters, Sony’s Internet security has many gaps that go beyond the recent PlayStation Network breach. Security researcher John Bumgarner identified several security gaps across Sony Internet properties including the discovery of an access point to a server running an identity management system that he said controls access to logins and passwords for employees at Sony Pictures Entertainment. Bumgarner also told Reuters that he found names and partial addresses of sweepstakes contestants from an online gift registry and sweepstakes program. Bumgarner also told Reuters that on May 4th he located a server on Sony’s network that revealed names, Facebook IDs and IP addresses of Sony customers that had played games via Facebook. “Sony still has several external security issues that need to be addressed,” Bumgarner told Reuters. Despite identifying potential security gaps, Bumgarner didn’t see any evidence of breaches beyond the recent incident.

Sony is making some additions and changes to its information technology management teams, appointing Fumiaki Sakai, president of Sony Global Solutions Inc. (SGS), as acting Chief Information Security Officer of SNEI while the company conducts a search for a permanent CISO for SNEI. As CISO, Mr. Sakai is reporting to Tim Schaaff, president, SNEI, as well as to Shinji Hasejima, CIO at Sony Corporation.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem