This is stunning and way to common according to security experts. There are simple and easy to use technology programs that would have allowed the technology department to see if this was going on. It isn’t clear if Sony didn’t use the technology or ignored it for senior executives. It also isn’t clear if they did or did not have a policy against sharing passwords.
What is needed is an aggressive cyber security program that is perpetual and focuses on continuous improvement. This is an investment, in this day and age, that can’t be ignored.
In the weeks before hackers broke into Sony Pictures Entertainment, the studio suffered significant technology outages it blamed on software flaws and incompetent technical staffers who weren’t paying attention, even as hackers targeted executives to trick them into revealing their online credentials.
Its chief executive was regularly reminded in unsecure emails of his own secret passwords for his and his family’s mail, banking, travel and shopping accounts, according to a review of more than 32,000 stolen corporate emails circulating on the Internet.
via Stolen emails reveal lapses in Sony security practices – Washington Times.
The stolen files expose lax Internet security practices inside Sony such as pasting passwords into emails, using easy-to-guess passwords and failing to encrypt especially sensitive materials such as confidential salary and revenue figures, strategic plans and medical information about some employees. Experts say such haphazard practices are common across corporate America.
“Most people who say they’re not doing that are lying,” Jon Callas, co-founder and chief technology officer for Silent Circle Inc., a global encrypted-communications service
While it is important to find out who did this. It is more important to know that it can be done and to protect our corporate information assets from this kind of exposure.