Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

PlayStation Network: will this be the largest online corporate disaster ever?

The crisis at Sony’s PlayStation Network has moved on from being an availability incident to a full scale corporate disaster.

For the past few days the story that Sony’s PlayStation Network has been unavailable to gamers has been headline news. Now the crisis has moved on: what started off as a ‘simple’ denial of access attack has hit the headlines again, with the admission by Sony that between April 17 and April 19 an ‘llegal and unauthorized intrusion’ into the company’s network resulted in PlayStation Network and Qriocity user account information being compromised.

The scale of the data loss is huge, with Sony stating that stolen information includes the following user details: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity passwords and login and handle/PSN online ID. It is also possible that profile data, including purchase history and billing address (city, state, zip), and PlayStation Network/Qriocity password security answers may have been obtained. Sony also says that ‘while there is no evidence that credit card data was taken at this time, we cannot rule out the possibility’.

In response to the incident Sony has taken the following actions:
- Temporarily turned off PlayStation Network and Qriocity services;
- Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
- Taken steps to enhance security and strengthen network infrastructure by re-building its system.

From a business continuity view this incident clearly demonstrates how important information security management is and why it should be seen as a central aspect of business continuity management systems. ISM is not just a technical issue: when information security incidents happen they can be hugely damaging to customer relationships, to corporate reputation and to profitability.

The Sony story will run and run. Will it become the largest online corporate disaster ever? Time will tell, but the probability of this is high.

Make a comment.

Reader comment

The recent cyber criminal attacks on the internal IT infrastructure of organisations including Epsilon, RSA and now Sony, could actually prove to be the tipping point for an avalanche of future attacks unless enterprises change their approach to protecting their valuable customer data.

For many years IT departments within enterprises have focused on protecting the end point, the devices which employees are using to access data. Unfortunately these recent cases prove that cyber criminals have many ways of beating this level of IT security to get their hands on the information they want.

It’s now imperative that businesses take greater responsibility to protect the data itself - and the access points to that information – before it’s too late.

Colin Woodland, VP EMEA, IronKey.

•Date: 27th April 2011 • Region: World •Type: Article • Topic: ISM

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here