The Sony hacking scandal could lead to a talent drain at the company
An issue Sony must deal with is whether the November hacking scandal will result in current and future employees being so concern about being the victims of identity theft that they head for the door marked exit.
The security breach resulted in approximately 47,000 employees’ social security numbers, salaries, and private emails being leaked on-line.
Sheila Marikar, who works at Sony, wrote in an article for Fortune Magazine that her co-workers are so concerned about being the victims of identity theft that they have changed their banking account information and hired the security firm, Life Lock, to secure their on-line information.
Mike Fleming of Deadline asked Amy Pascal, who is a board member of SONY Pictures, if the release of the employees’ social security numbers and personal emails would hinder SONY Pictures’ ability to retain and recruit employees.
Pascal responded that she didn’t believe the security breach would lead to Sony loosing talent and that Sony will learn from its mistakes and “have the best security in the business by the time this is over.”
Sony’s former employees have filed at least six class action lawsuits against the company.
The lawyers for the former employees argue that Sony failed to follow proper security procedures that would have protected the employees’ personal information, and prevented them from possibly becoming victims of identity theft.
Sony was warned in 2007 that its on-line security was sub-par and could lead to a security breach like the one that occurred last month.
Jason Spaltro, who is the senior vice president of information security at Sony, was the former executive director of information security in 2007 and he let it be known that computer security is not the company’s top priority.
Spaltro told CIO that Sony’s primary job is to make money for the company’s shareholders and that the company risk losing money if it focuses on other issues like computer security.
Spaltro told CIO, “There are decision that have to be made. We’re trying to remain profitable for our shareholders, and we literally could go broke trying to cover for everything. So, you make risk-based decisions.”
The “risk-based decisions” almost resulted in Sarbanes-Oxley (SOX), internet security auditors, giving Sony a failing grade due to its poor computer security.
A SOX auditor warned Sony that its passwords were so “weak” that it could lead to the company’s systems being hacked.
In an effort to emphasize the importance of this point, the auditor told Spaltro that if he were in a business like banking where the security of sensitive information is of the utmost importance then he would “be out of business.”
Spaltro quickly brushed off the auditor’s comments and responded back with, “If a bank was a Hollywood studio, it would be out of business.”
Sony’s failure to heed the auditor’s warnings resulted in Sony having several security breaches from 2011-2014.
In 2011, Sony was forced to shut down its Playstation game system after hackers stole approximately 77 million users’ information.
Earlier during February of this year, Sony’s systems were hacked into via the same malware that was used to hack into Sony systems in November.
And then a little over a month after the November security breach, the Lizard Squad hacked into Sony’s Playstation game system and gained access to approximately 55 million users’ information.
According to The Hollywood Reporter, the November hacking scandal has prompted talks about Sony Corporation selling the Sony Pictures Entertainment studio in Los Angeles.
Some potential buyers include CBS, the Japanese bank Soft Bank, and Lionsgate.
As for Sony, they haven’t said whether they are going to sell or not.
The security breach resulted in approximately 47,000 employees’ social security numbers, salaries, and private emails being leaked on-line.
Sheila Marikar, who works at Sony, wrote in an article for Fortune Magazine that her co-workers are so concerned about being the victims of identity theft that they have changed their banking account information and hired the security firm, Life Lock, to secure their on-line information.
Mike Fleming of Deadline asked Amy Pascal, who is a board member of SONY Pictures, if the release of the employees’ social security numbers and personal emails would hinder SONY Pictures’ ability to retain and recruit employees.
Pascal responded that she didn’t believe the security breach would lead to Sony loosing talent and that Sony will learn from its mistakes and “have the best security in the business by the time this is over.”
Sony’s former employees have filed at least six class action lawsuits against the company.
The lawyers for the former employees argue that Sony failed to follow proper security procedures that would have protected the employees’ personal information, and prevented them from possibly becoming victims of identity theft.
Sony was warned in 2007 that its on-line security was sub-par and could lead to a security breach like the one that occurred last month.
Jason Spaltro, who is the senior vice president of information security at Sony, was the former executive director of information security in 2007 and he let it be known that computer security is not the company’s top priority.
Spaltro told CIO that Sony’s primary job is to make money for the company’s shareholders and that the company risk losing money if it focuses on other issues like computer security.
Spaltro told CIO, “There are decision that have to be made. We’re trying to remain profitable for our shareholders, and we literally could go broke trying to cover for everything. So, you make risk-based decisions.”
The “risk-based decisions” almost resulted in Sarbanes-Oxley (SOX), internet security auditors, giving Sony a failing grade due to its poor computer security.
A SOX auditor warned Sony that its passwords were so “weak” that it could lead to the company’s systems being hacked.
In an effort to emphasize the importance of this point, the auditor told Spaltro that if he were in a business like banking where the security of sensitive information is of the utmost importance then he would “be out of business.”
Spaltro quickly brushed off the auditor’s comments and responded back with, “If a bank was a Hollywood studio, it would be out of business.”
Sony’s failure to heed the auditor’s warnings resulted in Sony having several security breaches from 2011-2014.
In 2011, Sony was forced to shut down its Playstation game system after hackers stole approximately 77 million users’ information.
Earlier during February of this year, Sony’s systems were hacked into via the same malware that was used to hack into Sony systems in November.
And then a little over a month after the November security breach, the Lizard Squad hacked into Sony’s Playstation game system and gained access to approximately 55 million users’ information.
According to The Hollywood Reporter, the November hacking scandal has prompted talks about Sony Corporation selling the Sony Pictures Entertainment studio in Los Angeles.
Some potential buyers include CBS, the Japanese bank Soft Bank, and Lionsgate.
As for Sony, they haven’t said whether they are going to sell or not.
comments powered by Disqus