A realization through revelation has finally emerged in the wake of a cyber-attack at Sony, Corp., by its CEO, Howard Stringer – technology alone cannot protect the most valued asset of a company, its mission-critical data. In a telephone interview posted by The Wall Street Journal, Mr. Stringer stated that he could not guarantee the security of his network, nor any other Web-based program, and that this was the “beginning[…]of things to come.” Even as Mr. Stringer’s chief lieutenant, Mr. Kazuo Hirai, works to restore and investigate the cyber-attack that has crippled Sony’s PlayStation Network, the sad irony behind Mr. Stringer’s comments are that this is NOT the “beginning” of things to come.
Consumers of PlayStation products and investors at Sony should be outraged at this short-sided comment. It’s not as if the “beginning” started with the hack of its gaming network. Cyber-crimes have been going on for quite some time, and to suggest that we are entering a “bad new world” (Mr. Stringer’s words) based on cyber-crimes shows how unimportant securing mission-critical data was to this large U.S. corporation prior to the data breach. The reactive response, as is the case within Sony, is to assure its customers, investors, and general public at-large, that they are taking all necessary steps to “strengthen” its network through encryption and firewall build out.
What about the corporate culture within Sony? What steps are being taken to build a culture around securing mission-critical data? Technology alone will not protect the Sony brand. Sony has gone into reactive mode post-breach, and that should tell an investor and consumer exactly what kind of leadership they have in place. Hacking is nothing new to the gaming community. Mr. Stringer is simply being naive to think that we have just entered a “bad new world” of cyber-crime, and his lack of vision is summed up in his comments post-hack. Look around you Mr. Stringer, you have been walking in a “new world” for some time, and have just simply failed to realize that the neighborhood you are walking in is filled with crime and punishment. What lessons will other U.S. corporations learn from Sony, and more specifically Mr. Stringer? Data governance needs to be seen as a critical role in an enterprises overall risk management strategy.