Details are still a bit sketchy on the Sony Playstation Network data breach. At this point, it is stil hard to tell if Sony is not sharing details because it is trying to cover something up, or because an investigation is pending and it doesn’t want to give away what it knows, or because it simply has no clue.
Peter Schlampp, VP of Product Management for Solera Networks, commented, “Sony advised customers to be vigilant in keeping an eye on their credit card statements. If Sony had clear details of which customers had been affected by the attack, they would be able to work directly with them. Not knowing the details means that Sony now has to assume that all 77 million accounts were affected. In reality, it may have been fewer than a million, maybe only a few thousand. In fact, it could have been only 10.”
Schlampp added that without decent logging and network forensics, Sony may simply not know what was breached, or how, or when. Organizations need to proactively put network fornsics tools in place. After a data breach, it’s too late.
He summed up with, “Every organization should be waking up to the fact that we are in a new threat environment, and the methods and technologies needed to secure our networks have changed.”