5 Ways Consumers Can Protect Against Another Sony Breach
President & CEO
shot heard ‘round the world”… Sony has admitted that
hackers broke into its PlayStation Network making off with the personal
information of more than 77 million members. The breach is being called
the fifth largest data breach in history, according to Datalossdb.org,
and is making headlines everywhere.
So what is the impetus for the attack? According to threatpost.com,
speculation is that Anonymous, a collective of hackers, targeted Sony
as retaliation for the company’s legal actions against individuals who
cracked content protection technology for the PS3 and other products.
My take: striking a hornet’s nest with a baseball bat is never a good
idea. Sony’s heavy-handed approach to defending its intellectual
property has triggered the “nuclear option” with those that it engaged.
Perhaps Sony could learn a few lessons from Microsoft in how it has
handled XBOX 360 and Kinect intellectual property.
Turning my attention to the 70 plus million people whose personal
information has been compromised, here are my suggestions for ways
everyone can protect themselves moving forward:
1) Don’t provide your true DOB or other personal
this type of vendor (i.e. online
2) Use a throwaway email account.
3) Use an anonymous payment card for these types of online transactions;
many card issuers provide these temporary “virtual account numbers” online.
4) Use a unique password for every site.
5) Always assume that the company gathering information is incompetent at
securing the data; consider what you with them and how you are going to
recover your personal identity after they lose your
The Sony breach is a clear example of what is wrong with the cloud –
too much data centralized into a single point and the total lack of
transparency of the internal security used to protect it. This is a
clear warning that all consumers can expect their most sensitive
information to be compromised due to the incompetence of those who seek
to reduce costs through haphazard cloud deployments. You’ll hear more
from me about cloud security in the future.
What are your recommendations for consumers and what do you think
Sony’s next move should be?
me at: firstname.lastname@example.org. You can also follow me
on Twitter: @liebsoft or connect with me via LinkedIn.
You can also read a version of this article in The
Wall Street Journal.
Tip of the Month
Privileged Account Credentials
Did you know that Enterprise
Random Password Manager (ERPM) can
help continuously strengthen the security of your ASP.NET applications?
New in Identity Week
commentary on our Identity Week blog this month includes:
- Fallout from WordPress Root Level Attack
Not as Bad as it Could Have Been. Reports that hackers gained
root-level access to the servers of WordPress.com mean that the
popular blog publishing platform has now joined the long list of
companies whose portals have been hacked. But, had it not been for a
sensible IT security approach at the company, the fallout could have
been a lot worse...
Events / Press /
Philip Lieberman, CEO and founder of Lieberman Software.
InfoSecurity.com. Infosecurity’s Drew Amorosi caught up with
Phil Lieberman at last month’s Infosecurity Europe show in London to
discuss how security – and his company – have changed over the last
decade plus, and the challenges facing the market going forward.
auditing standards a help in keeping cloud deployment safe?
CloudPro. The SAS 70 auditing standard for third-party providers
is a massive fraud, says Phil Lieberman of the eponymous Lieberman
Software. SAS 70 is widely used in the US as an indicator of the
reliability of service providers and is beginning to be used in the UK
– although it is early days over here and the standard doesn’t have the
same degree of recognition.
information of 25 million additional Sony customers compromised.
SecurityPark.net. Phil Lieberman, CEO and founder of Lieberman
Software gave his viewpoint on the Sony PSN hack and how to protect
yourself from similar breaches: "Taking a baseball bat to a hornet’s
nest is never an advisable strategy. Sony’s strategy in defending its
intellectual property was heavy handed and has triggered the “nuclear
option” with those that it engaged.
Data Breach Tally Rises to 101 Million Users. eWEEK.com. There
are “no consequences” for companies that “under-invest” in security,
Phil Lieberman, CEO of Lieberman Software, told eWEEK. As such, users
should “always assume” that companies asking for personal information
are “totally incompetent at securing the data,” Lieberman said.
Says PlayStation Credit Card Data Was Encrypted. InformationWeek.
Security experts believe that the lack of details around this
announcement shows that consumers may still be at risk of this data
being used by whoever hacked Sony. Word of the hack came earlier this
week. "They're not certain credit card data wasn't lost," says Phil
Lieberman, CEO of Lieberman Software. "The only statement they made was
that credit card data was encrypted, which is a requirement of
a Long Road to a Secure Cloud. Cloud-Strategy Magazine. When
it comes to cloud computing, the security and compliance landscape is
riddled with pitfalls and continues to shift. During the recent RSA
Conference in San Francisco this viewpoint seemed to dominate the
conversations between IT professionals, industry analysts and others
who study the security industry.
Control Problems for World Wide Cloud. IT Pro Portal. The
World Wide Cloud (WWC) will have to overcome a number of challenges
before it can be a proper entity. Many are predicting that the
World Wide Cloud will be the next disruptive technology building on the
World Wide Web.