Sony’s Shrug Heard Around the World

Posted by Dan Keeney

I have recently started working with a new client in the data security space, so I am trying to refresh my understanding of this highly complex area of technology. I had previously done some work around information security for AT&T both prior to the acquisition by SBC and afterward. While only a few years have passed, the threats have greatly advanced.

What this means for the PR practitioners who are reading is that information security must move up your list of potential vulnerabilities. If you have not refreshed your crisis communications plan in the past year or more, please do so and pay special attention to potential IT issues and the impact they can have on your organization’s ability to operate.

I have been trying to keep tabs on Sony’s response to the cyber attack on its Playstation Network over the past several weeks. It appears to have been a very well planned and highly sophisticated assault intended to gather the personal and financial information of subscribers. Something getting attention in the trades but not mentioned much in mainstream media is that the attack was launched using Amazon’s S3 cloud servers, which is important for at least two reasons I can immediately think of: it suggests that cyber criminals will be using cloud computing platforms to launch future attacks and it makes it exceedingly difficult for authorities to track the wrongdoers.

As seems to be the case every time a Japanese company screws up, the Sony team has effectively shrugged its shoulders and said its executives have done a great job responding to the attack. As far as I’ve been able to gather, they have provided zero insight into what specific preventative steps they took prior to the problem to secure their subscribers’ data and they have not offered specifics about what they are doing going forward to make sure data is secure.

In fact, Sony has effectively dismissed the notion that they CAN secure users’ data, which seems pretty amazing for a company that delivers services via the Web. The video below is from the Wall Street Journal with their technology writers discussing the comments from Sony:

As I said at the front, I am by no means a security expert, but I do know that companies can’t just shrug off responsibility because the crooks are too good at what they do. Companies that provide goods and services via the Internet have a responsibility to provide a safe environment in which customers can do business with them. In the absense of that, they should cease to provide services via the Web.

Remember when Firestone (another Japanese company) spent forever telling us that there wasn’t anything they could do about the blowouts that caused SUVs to tumble down highways like bowling balls? It was Ford’s fault. It was the poor pavement used. It was the poor maintenance. It was the overly aggressive drivers. Ultimately, after way too many accidents and deaths, Firestone pulled all their SUV tires and recalled all of the tires already on the road. They finally had the guts to step back, take dramatic and definitive action to ensure a safe customer experience.

That is the difficult decision that Sony is apparently not ready to make.

P.S. to Amazon and other cloud providers: you have Terms of Service for a reason and you better be able to enforce them. Lawsuits related to the Sony debacle are already stacking up and I would have to think the Amazon has liability, no matter how much they insist that they are just providing computing power and nothing else.

Be Sociable, Share!

This entry was posted on Thursday, May 19th, 2011 at 11:02 am and is filed under Crisis Planning, PR Stories, Public Relations Advice. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Sony’s Shrug Heard Around the World”

  1. psp Says:

    psp…

    […]Sony’s Shrug Heard Around the World | The PR Counselor Is In[…]…

Leave a Comment