Human Error Leads to Third Strike for Sony

Wednesday, May 25, 2011

Katie Weaver-Johnson

Dd9902bc56a9d85cdc62c00083ea4871

 

Strike 1: The first incident occurred on April 26th, when SONY announced personal information had been compromised on their PlayStation Network exposing the personal information of 77 million users.

Strike 2: One week later, a second security breach occurred on a different SONY network compromising 24.6 million users.

Strike 3:  A third incident took place with the leakage of 2500 users’ names and addresses. SONY admitted that this breach was due to human error on the part of their system management team.

In a recent study from Application Security and Unisphere Research, more than 50% of the respondents felt that human error (or malicious insiders) were the biggest risks to an organization’s security. 

Two-thirds of organizations experiencing a data breach in 2011 have reported it was either from human error or an insider attack. 

Lessons learned continue to show:

  • It is critical for organizations to be more proactive and implement ongoing processes. Reacting to breach incidents is much more expensive than preventing breaches.
  • Organizations must conduct periodic routine checks on their systems AND their people AND their third-parties.
  • Organizations who are unable to measure situational awareness at the individual level will continue to suffer expensive breaches. All individuals need to understand their individual roles and responsibilities for protecting sensitive and personal information.
  • Once-a-year general training is not enough as the risks and threats to our information are constantly evolving.

Sony struck out this month… is your organization going to bat with situational awareness and accountability and ready to adapt to pitches coming your way?

Possibly Related Articles:
11693
Network Access Control
Information Security
Data Loss Prevention Due Diligence Employees Sony breach Situational Awareness
Post Rating I Like this!
314f19f082e69886c20e31c70fe6dceb
Rod MacPherson Good info. Hopefully the Sony tie-in will bring in some readers.

Where did you find that stat? "Two-thirds of organizations experiencing a data breach in 2011 have reported it was either from human error or an insider attack."

I'd like to read the source survey.
1306418905
Dd9902bc56a9d85cdc62c00083ea4871
1306419421
C643eec6350152c6c3fbd1288578d98a
Terry Perkins Great info. Though, I think they are at 8 incidents. Thanks for the link.
1306423069
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.