In the 2011 Sony hacker case, cybercriminals breached the Sony PlayStation network and stole sensitive information on millions of Sony customers. The loss that Sony incurred following this incident underscored the importance of understanding cybersecurity at the management level. This case study will evaluate the impact of the hacking incident and discuss the how the issue of cybersecurity impacts businesses and society as a whole.
In April 2011, hackers caused widespread disruption when they breached Sony security networks and stole data on the company’s customers. According to the Wall Street Journal, the hackers stole the names, birth dates, and credit card information of approximately 77 million customers who played online games with the Sony PlayStation consul (Wingfield, Sherr, & Worthen, 2011, p. A1). The incident cost Sony $171.7 million dollars in cleanup costs in the one-year period following the security violation (“Sony Says Hacker Attack Cost,” 2011). Though little attention has been paid to individual reports of identity theft, Sony attempted to curtail the problem by offering identify theft insurance to users affected by the incident (Osawa, 2011). Further compounding on Sony’s security vulnerabilities, a subsequent attack was carried out in 2011 that impacted the data of Sony customers in Canada, Thailand, and Indonesia (“Sony Hit by New Hacker Attacks,” 2011, para. 2). These incidents served to erode consumer confidence in Sony and highlighted weaknesses in the company’s security infrastructure.
Because hackers are changing their approaches to bypassing security, it is important for companies to remain vigilant in preventing cybercrimes. However, as risk manager consultant John Wyatt notes, it is impossible for any company to obtain complete security (Duff, 2011). Companies will have to learn to live with their vulnerabilities and continually manage new risks. Security experts also note that management must become involved in establishing security strategy, rather than simply outsourcing security measures to technical experts. Further, it is advised that managers understand methods that cybercriminal use to steal information through phishing attacks that are disguised as legitimate emails from a company. In order to effectively manage risks, it is important for all levels of the organization to become educated on cybersecurity applications and risks within the company.
The Sony Hacker case also calls into question the manner in which the legal system addresses hacking. As forensic data analyst Nicolas Mallison notes, many hackers can be described as “young and brilliant.” Thus, many assert that hackers should be directed towards beneficial activities rather than prosecuted. However, prosecuting hackers to the full extent of the U.S. cybercrime law is necessary in order to deter future acts. As the Sony case demonstrated, hacking is not just a harmless prank; real economic consequences result from hacking incidents. Also, businesses have a shared obligation to immediately notify their customers and shareholders when a hacking incident takes place. While businesses may fear that panic will result in lost customers and sales, the backlash for hiding information from the public will be more severe and the company may be legally liable for their failure to notify consumers that their information was stolen. Ultimately, both shareholders and customers have the right to know when an event that occurs within the company is of personal consequence to them.
While I have never had my identity stolen or my credit card used fraudulently, I have received many suspicious e-mails that have asked me for personal information. Fortunately, I have not received any phishing e-mails to my knowledge, as I believe that those would be the most difficult types of fraud to spot. Though I do not check my credit report often, this case has revealed the importance of regularly checking my report. As the Sony case demonstrates, individuals cannot rely on corporations to alert them when their personal data is at risk.
Duff, A. (2011). Cyber crime: Are you at risk? Director, 65(4), 52-54. Retrieved from http://www.proquest.com
Osawa, J. (2011, May 9). As Sony counts hacking costs, analysts see billion-dollar repair bill. Wall Street Journal. Retrieved from http://www.wsj.com
Sony hit by new hacker attacks. (2011, May 25). Internet Business News. Retrieved from http://www.proquest.com
Sony says hacker attack costs it $171.7 million. (2011, May 24). The Washington Post, A17. Retrieved from http://www.proquest.com
Wingfield, N., Sherr, I., & Worthen, B. (2011, April 27). Hacker raids Sony videogame network. Wall Street Journal, A1. Retrieved from http://www.proquest.com