Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Access Management

Losing $2 Billion

By Bernard J. Scaglione
Ben Scaglione
July 1, 2011

Sony’s PlayStation Network is reported to have 70 million registered users worldwide. On May 2, 2011, Sony issued a statement that 12,700 credit cards and 24.6 million user accounts were compromised. The stolen data included names, addresses, dates of birth, passwords, security questions and answers and credit card information.

This compromise is said to be one of the largest and most high-profile online data thefts to date. The theft raised major concerns in the industry because many people use the same password for all of their online services. In addition to Sony, online retailer Play.com in March of this year informed customers that someone or some group hacked into its computer systems and stole e-mails and personal information. In January, cosmetics company Lush admitted that credit card data belonging to customers had been stolen.

So why are we hearing about so many companies being hacked? Are they controlling access into their computer systems effectively so that they can identify unauthorized entry? Sony faced many questions about how it handled the theft of its confidential data partly because initially Sony indicated that there was no evidence that credit card data had been obtained.

Serious data breaches are primarily the result of persistent hackers whose aim is either the destruction of systems or the collection of financial data to use for illegal purposes. In the advent of Sony’s woes, it is clear that better control of virtual systems and the identification of illegal users is necessary in order to reduce possible breaches into computer networks. Not any different than the physical security world, the virtual security world needs to have strong access control and identification protocols in order to detect and defer intruders who try to access computer systems illegally.

In Sony’s case, the lack of access control and identification of unauthorized users cost them an estimated $2 billion. Its lack of control and identification cost it customers who switched systems so they could continue to play games online, the loss of revenue from their online store that was down for about a month and the cost of three forensic computer teams required to identify breaches and determine the extent of the stolen data. In the case of Sony, news reports indicated that the reason for the attack may have been due to outdated security software. In addition, the version of software that Sony ran was known to contain errors that could permit unauthorized access.

The key to reducing attacks through identification and access control processes starts with an assessment of prevention systems, the continued updating of software and preventive systems and the consistent and regular audits of systems. Access control means firewall deployments with insurance that the current rules and processes are maintained. Provide secure remote access with strong authentication techniques. Establish an effective identity and access management strategy that focuses on single sign-on capabilities. Establish guidelines for developing secure applications that include threat modeling, code reviews and security testing. A final consideration might be to investigate technologies such as Encrypting File System to encrypt and protect business-critical files, the use of multi-factor authentication techniques such as smart cards or biometrics for critical accounts, or even developing a strategy for rapidly deploying the latest updates to all operating systems and applications.

Monitoring and auditing is key to network security – a secure environment requires a proactive strategy that includes audit networks and identification systems configured in ways that will identify users and systems that do not meet standards. Include the regular review of client and server logs to look for attack patterns. Install intrusion detection systems to monitor access of business-critical systems and to help identify portions of systems that have been compromised. Look at all aspects of electronic communication and data manipulation throughout the IT enterprise, including all instant messaging, file transfer, chat, e-mail, online meetings and webinars, plus all data creation, change, storage, deletion and retrieval.

Important to access control and identification is the establishment of an incident response process to help minimize adverse effects to network and collect data to help network security teams better secure systems against future threats. Network administrators should use a backup and recovery strategy to restore services and data quickly by utilizing a local standby server or a remote server to software applications. Use the latest quarantine technologies and update systems on a regular basis with the latest virus and hacker information. Install current patches on a regular basis. Conduct disaster drills, business continuity exercises, validation testing and for larger systems maintain a full-time consultant who is an expert at breaching systems.

Because many companies have not taken the security of their networks seriously, breaches have cost them and their customers billions of dollars. In the case of Sony Corporation, it is clear that even the excessive purchase and installation of software and the hiring of virtual security personnel would have saved them $2 billion.  

KEYWORDS: cyber security data theft hackers Sony's PlayStation Network

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Bernard J. Scaglione, CPP, CHPA, CHSP, is a principal partner at The Security Design Group in New York City. He has 30 years experience in the security field. Ben is Chairman of the ASIS International Healthcare Council and president of the New York City Metropolitan Healthcare Safety and Security Directors Association. He is a member of the training council for the International Association for Healthcare Security and Safety and is an accomplished author writing for ASIS, the International Association for Healthcare Security and Safety and Lawyers and Judges Publishing. He currently teaches re-certification classes for licensed architects and professional engineers at the Platt Institute in New York City.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Using Access and ID Control to Prevent Workplace Violence

    See More
  • Bernard J. Scaglione

    Workplace Violence Prevention Revisited

    See More
  • Improving the Dependability of an ID Program

    See More

Related Products

See More Products
  • GSEC.jpg

    GSEC GIAC Security Essentials Certification All-In-One Exam Guide, 2E

  • SSCP.jpg

    SSCP Systems Security Certified Practitioner Practice Exams

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!