Human Error Leads to Third Strike for Sony

Wednesday, May 25, 2011

Katie Weaver-Johnson



Strike 1: The first incident occurred on April 26th, when SONY announced that its PlayStation Network had been compromised, exposing the personal information of 77 million users.

Strike 2: One week later, a second security breach occurred on a different SONY network, compromising 24.6 million users.

Strike 3: A third incident took place with the leakage of 2500 users’ names and addresses. SONY admitted that this breach was due to human error on the part of their system management team.

In a recent study from Application Security and Unisphere Research, more than 50% of the respondents felt that human error (or malicious insiders) posed the biggest risk to an organization’s security.

Two-thirds of organizations experiencing a data breach in 2011 have reported it was either from human error or an insider attack. 

Lessons learned continue to show:

  • It is critical for organizations to be more proactive and implement ongoing processes. Reacting to breach incidents is much more expensive than preventing breaches.
  • Organizations must conduct periodic routine checks on their systems AND their people AND their third-parties.
  • Organizations that are unable to measure situational awareness at the individual level will continue to suffer expensive breaches. All individuals need to understand their individual roles and responsibilities for protecting sensitive and personal information.
  • Once-a-year general training is not enough, as the risks and threats to our information are constantly evolving.

Sony struck out this month… is your organization going to bat with situational awareness and accountability and ready to adapt to pitches coming your way?

Rod MacPherson: Good info. Hopefully the Sony tie-in will bring in some readers.

Where did you find that stat? "Two-thirds of organizations experiencing a data breach in 2011 have reported it was either from human error or an insider attack."

I'd like to read the source survey.

Terry Perkins: Great info. Though, I think they are at 8 incidents. Thanks for the link.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.