If we hadn’t already learned to protect our data, the previous six months should surely have taught us.
There have been many recent breaches, many of which are attributed to Anonymous and LulzSec, and companies like Citigroup and Sony have suffered major losses because of them.
The breach at the Sony PlayStation Network is a perfect example of poor security measures, unsecured and outdated software, and, to put it bluntly, turning a blind eye to obvious warning signs.
It is crucial that we learn why it happened, in hopes of avoiding a repeat.
A couple of years ago, a security company ran tests on the PlayStation 3 system, and it became quite obvious that the expertise of the designers was in embedded systems, not in internet-based systems.
The performance of the application was superb, but the underlying security was nowhere near that standard.
The Sony PlayStation Network went from being an embedded, closed system provider to an internet and web services content provider. The big problem was that upon making this switch, it became clear that they were totally clueless about the intricacies of the two and the differences between them.
Their servers ran an outdated version of software which had documented vulnerabilities: it was able to encrypt data communication, but unable to stop unauthorized access. The hackers merely identified the software vulnerabilities and took advantage of them.
The problem is compounded by the failure to understand the expansion of the attack surface, and how gaming applications became exposed.
If there is a moral to be had here, it is that organizations will never be able to prevent attacks if they do not know how to mitigate threats in the first place.