Blog Post
What can we learn from Sony’s repeated data breaches?
By now, anyone with an internet connection or access to a newspaper knows that hackers are bringing the rain down on Sony. Multiple hacker groups are making wild threats to Sony's management, and they have the bargaining chips to back up their demands.
The details aren't important here- there are a million other articles out there which give very detailed play-by-plays of this data breach. What we are going to cover in this post is ways you can ensure that your company doesn't have to suffer the way Sony is now.
One common saying in regards to data security is that getting hacked is inevitable- it's going to happen to every organisation eventually, it's simply a matter of when. What you do have control over is whether you can fix the vulnerabilities you had to prevent future hacks, and how much data you lose in the breach. Sony has suffered on both counts, and have found themselves falling victim to hacking multiple times.
A big IT security budget isn’t the solution.
Gizmodo reports that Sony was hacked repeatedly with the exact same attack methods in different divisions and network sectors. Hackers love going for easy targets, and as demonstrated multiple times, if the same organisation has multiple entry points, Hackers will gladly take a second and third bite of the apple if there is more to gain. However the alarming issue to consider here is, if Sony - a large global company with over 60 billion USD in annual revenue, 40,000 employees and a sizable IT security budget still suffered a breach: what does that mean for the rest of us?
The common theme were seeing across all breaches whether publicly reported or those known only within closed forensics industry circles is that spending large sums of budget on the latest and greatest technologies doesn’t prevent a data breach. Far more can be gained by getting the basics right first.
Its a case of understanding where to focus your efforts, and where you’re simply wasting your time, and you’re (often limited) budget.
Reducing Data Loss
Breaking into a system is only half of a hacker’s job- they still need to be able to find the data they are looking to steal, assuming there is any. The Sony breach was reported to be incredibly easy for hackers to find the sensitive data they were looking for - apparently, thousands of passwords were kept in a folder named “password”.
So what can we all learn from this? Well for starters, having an inventory of all the data you have that hackers might want to get their hands on is a big step in the right direction. This includes employee data, credit card numbers, and any other kind of sensitive data. After which, take measures to ensure that unnecessary data is properly disposed of, and sensitive data is encrypted. It sounds very troublesome, but we can assure you that it’s a lot less troublesome than dealing with a large-scale cleanup in the event you suffer a data breach.
In this regard, Ground Labs’ Data Discovery Tools offer an easy and rapid way of reducing the likelihood of a data breach should intruders breach your defenses. For larger environments, Enterprise Recon helps prevent data loss by searching across your entire network for stored sensitive data including emails, databases and many more locations.
The entire process is quick, thorough, and not labor-intensive, leaving you time to run the many other important facets of your business.
Don’t just take our word for it- try our Enterprise Recon, and see for yourself how easy it can be to find and safeguard sensitive data on your own network.