The recent Sony PlayStation data breach caught the attention of consumers and information security professionals alike. The gaming network – which houses personal information such as player names, email addresses, phone numbers, credit card numbers and other information – was hacked. After a second Sony online service was attacked, the number of users whose personal data was potentially compromised is estimated at 100 million.
The major issue that has angered many is not that the hackers were able to break into a supposedly highly secure network, but Sony's slow response in sharing details on the breach (though computer forensic work requires time).
Other organizations can learn from the blunder, said Chirag Joshi, assistant information security officer for the University of Colorado.
"At CU, the Office of Information Security and all the campus IT professionals have always understood how important it is to secure our systems and data, and maintain a pro-active stance to guard against threats, and we have planned for crisis management should the need arise," Joshi said. "However, this could never be accomplished without the support and contribution of all the CU employees."
The Office of Information Security asks that all colleagues continue to actively participate by reading the security awareness articles, using anti-virus, anti-phishing and other provided resources and – most importantly – never giving out passwords to anyone.