Security is not evidenced merely through the absence of harm.  A harming event may be transpiring in this moment, not yet apparent.     –  a B-TW warning.

You may remember my discussion of Sony’s earlier breach in my article, “Sony is Sorry.”  I don’t mean to be mean, but that can be taken a couple of different ways.

It was an apology, but now Sony is looking to be in rather a sorry state of affairs:  They’ve been hacked again.  Sony in Japan’s customer rewards site was broken into by an intruder, and that intruder stole virtual points worth the equivalent of $1,225 from account holders.  Not a whole lot in terms of theft, but the fact that access was gained is a very worrisome thing – particularly as a follow-on to what happened at Sony earlier.

What happened earlier was the stealing of personal information when the Sony PlayStation network was hacked, as well as Sony Online Entertainment.  

“What we’ve done is stopped the So-Net points exchanges and told customers to change their passwords,” So-Net, Sony’s ISP unit in Japan, said in a statement. 

At present, the company says that the breach seems to be limited, and no accounts are at risk other than those immediately affected. 

The company further states, “At this point in our investigations, we have not confirmed any data leakage. We have not found any sign of a possibility that a third party has obtained members’ names, address, birth dates and phone numbers.”

Unnamed security experts have said that Sony’s world-wide networks remain vulnerable, according to Reuters news agency. 

For that matter, I supposed we’re all vulnerable.  As noted, the mere absence of evidence of something harming is not necessarily a “secured state.”  Only through ongoing survey of systems, and a forward-thinking security posture, can you be reasonably certain that you are secure; that the environment is secured.  Even then, there are no guarantees in this world.

Do your best, and then quickly do better.

Firewalls, intrusion preventions, virus scans, surveys for malware, antispyware, e-mail protection, and so on – are no good if someone is not surveying reports and taking note of the warnings yielded.

Also, you must take note of the successfully thwarted attempts, to remain cognizant of where attempts are coming from and what sort of entities are mounting them - in making best attempt to project and predict where threats are going in their nature, and where they’ll be coming from in the future. 

You need a very proactive, evolving, and agile posture as regards threats and security. 

Ensure that those who are on the forefront of securing your organization get it.

Is Sony sorry?  They said they are…

NP:  Thelonious Monk, Straight, No Chaser.  On CD (cleansing with vinyl later…)