15 Apr 11
What does the future hold for Sony?
Technology giant goes from hero to zero
In the “good old days” there was 2-player Pong, the first commercially successful video game. Many an hour was spent in front of the black and white screen. Consoles evolved up to four players but, barring a few 8-player game innovations (anyone remember having two players sharing a joypad? Check out Micro Machines on the SNES if not), generally you could only have yourself and three friends playing at once. That is until 2002 when Microsoft brought the Xbox online and with it allowed potentially millions of gamers to play against each other. Who could have foreseen that 9 years later this development could end up costing Sony $171 million (according to the company itself)?
When Sony first launched the PlayStation in 1994 they were lauded for their ingenuity and how easily games could be developed for it. Such was the success, they went on to sell over 100 million units. This was followed up by the PS2 in 2000 which exceeded even its predecessor and shipped 150 million units (as of early 2011). Whilst the PS3 has not been so well received (thanks in part to its high price tag and in part to a much more competitive market), it has been critically acclaimed and it has shipped 50 million units since 2006, which is still a phenomenal success for a gaming console. Sony, it would seem, were on top of the world until April 2011.
Between April and May 2011, Sony may well have had more bad press than any company in such a short space of time. I’m sure everyone is aware by now that Sony have lost personally identifiable information (PII). But how much have they really lost and is it all doom and gloom?
Sony has had two major breaches and a number of more minor ones and by “minor”, we mean that no-one is currently sure what was compromised in those breaches. The largest loss of data they have suffered is from the hacking of their PlayStation Network (PSN). This is the area on which gamers go to play against each other and this compromise has affected 77 million users. The other major security breach related to the Sony Online Entertainment (SOE) division, which is similar to PSN but for PC gamers. This compromise has affected 25 million users. Amongst the more “minor” breaches, they have suffered a breach on the Greek Sony Music Entertainment website, affecting 8,500 Greek users and the Indonesian and Thai versions of this website were also hacked, although there is nothing to indicate any information has been leaked from these.
Sony itself has said that the PSN breach could cost them $171 million. This is despite the fact that the credit card details were encrypted and Sony is confident the encryption will stand up to scrutiny. Plus, Sony has already been hit with a class-action lawsuit in Canada (seeking $1 billion of damages) and a potential class-action lawsuit in the US. Defending these is only going to add to the cost that Sony will have to stump up. In essence, whilst the amount of PII compromised is not at the top of the table, the cost of this breach is probably going to be more than ever for a data breach.
So what could Sony have done to better protect itself against security breaches and all the bad publicity that goes along with them? Perhaps not much. Hackers are constantly looking for ways to beat the system, making information security constantly at risk. That doesn't mean its not worth giving it a shot, however. Beefing up data protection and encryption and adding automated software monitoring and configuration management to systems is one place to start for any company. Sony is implementing this now and has created a position for a chief information security officer to help protect against future breaches. And the second, equally important protection to put in place is acquiring insurance to cover against hack attacks and for the event of loss of PII in case those front-line defences fall through.
Now, it may be easy to berate Sony for not putting up better initial protection for their customers' private data, but we must all bear in mind that Sony is a victim in all of this and they have suffered significant losses, both financially and in reputation. The console golden-child that was Sony has fallen on its sword and the question now is how it will recover. There are many rumblings from gamers that they will be boycotting Sony in the future, but this remains to be seen. In the end, we're all at risk and the Sony breach only proved that no one is immune.
Stefano Spagnoli
Technology Underwriter