Nissan 370Z Forum - View Single Post

ElVee · 06-29-2013, 09:09 AM

Oh! Oh! We've brought up Sony's security!

Being a part of the infosec world, I could argue this both ways (which is why I usually don't bring it up).

I can argue that Sony getting hacked gives them a strong lesson on how to do it wrong. But, much like security in a house is improved right after a break-in, Sony's security may have improved to shore up those issues. Sometimes it takes a kick in the pants to spark some action rather than just wishful thinking.

On the flip side, though, a break-in like that and how they handled it probably indicates an endemic problem with security, monitoring, customer assurance, uptime, etc. So while they may have overcome that hurdle in the moment, they may just not have the talent or interest in investing further into security until something else happens. If the answer to "Why secure your sh!t" is "To avoid costly downtime for our customers," then your head is still in a slightly wrong place. (In other words, security incidents that don't involve downtime or otherwise are obvious to users are hushed up...)

Then again, most companies are the same way until they are either burned or have some strong internal interest in security as an advantage/need in their industry.

In the software world, Microsoft's Windows is a far more secure product for all the attacks and attention it gets. But Adobe's products (PDF junk) and even Oracle's Java are constantly attacked and patched but are no better for it, because of endemic corporate issues and lack of caring about security in the original products.

06-29-2013, 09:09 AM	#226 (permalink)
ElVee Track Member Join Date: Mar 2013 Location: Iowa Posts: 750 Drives: 13 370z 7at t+s grey Rep Power: 16	Oh! Oh! We've brought up Sony's security! Being a part of the infosec world, I could argue this both ways (which is why I usually don't bring it up). I can argue that Sony getting hacked gives them a strong lesson on how to do it wrong. But, much like security in a house is improved right after a break-in, Sony's security may have improved to shore up those issues. Sometimes it takes a kick in the pants to spark some action rather than just wishful thinking. On the flip side, though, a break-in like that and how they handled it probably indicates an endemic problem with security, monitoring, customer assurance, uptime, etc. So while they may have overcome that hurdle in the moment, they may just not have the talent or interest in investing further into security until something else happens. If the answer to "Why secure your sh!t" is "To avoid costly downtime for our customers," then your head is still in a slightly wrong place. (In other words, security incidents that don't involve downtime or otherwise are obvious to users are hushed up...) Then again, most companies are the same way until they are either burned or have some strong internal interest in security as an advantage/need in their industry. In the software world, Microsoft's Windows is a far more secure product for all the attacks and attention it gets. But Adobe's products (PDF junk) and even Oracle's Java are constantly attacked and patched but are no better for it, because of endemic corporate issues and lack of caring about security in the original products.