The hackers who penetrated Sony’s PlayStation Network, Qriosity music service and Sony Online Entertainment are planning to launch another major attack against the company this weekend, a reader of an Internet Relay Chat channel used by the hackers reportedly told Cnet.
The hackers claim to have access to Sony’s servers and plan to publicly post all or some of the information they can pilfer, which could include names, credit card numbers and addresses.
Meanwhile, Sony CEO Howard Stringer issued an apology to customers on Thursday and said the company is offering a free US$1 million identity theft insurance policy to its U.S. customers.
Sony provided additional details on the complimentary enrollment for an identity theft protection program it announced on April 30. The program will be available to PSN and Qriocity account holders in the U.S. only. Sony is currently working on similar programs in other countries. Sony has made arrangements with Debix, an identity protection firm, to provide AllClear ID Plus at no cost to account holders for 12 months.
Users will have until June 18 to sign up. The program includes cybermonitoring and surveillance of the Internet to detect exposure of personal data, according to Sony. The plan also includes priority access to private investigators and identity restoration specialists. A $1 million identity theft policy will provide users with financial relief to cover possible identity theft costs.
On another front, Sony said it has reached a milestone in testing its PSN system and is working around the clock to restore service. Its “Welcome Back” program will include free content downloads and a 30-day subscription to PSN Plus and Qriocity Music Unlimited.
Can Security Be Priority No. 1?
Consumers typically trust vendors to take care of security behind the scenes so they can go on their merry way. When a breach the magnitude of Sony’s occurs, however, the magic spell is broken, and the trust dissolves.
“Security is something our industry always has to think about, but consumers never want to,” Jim McGregor, chief technology strategist at In-Stat, told the E-Commerce Times.
Now that consumers are on high alert, Sony will have to rethink everything from a security standpoint, he said. “This is something we’re going to see more and more of. If your security solutions are software only, they will be breakable. Any software can be hacked. All of these solutions out there have failed, because we can’t figure out how to get people to pay for them. We need to get to the point where we take security seriously as an industry. It’s going to create more problems, and it will keep some players at the sidelines.”
The answer may be in the hardware. You can enhance security by adding an abstraction layer, noted McGregor. The problem is, it’s expensive.
Cyber-Egg on Sony’s Face
As Sony’s problems snowball, the company looks increasingly unable to manage security. It’s an understatement to say that so far, it has not handled this well.
“Sony has been slow to react, so it’s been a black eye politically and in terms of customer expectations,” said McGregor. “When something happens of this size, it will linger for some time. Consumers thus far have been willing to put up with it — but there has to be a greater emphasis put on security. Consumers also have to say enough is enough. Consumers need to start fighting for better security.”
Can Sony Make It Work?
If hackers kick Sony while it’s down, the blow could be even worse than the original attacks.
“Any kind of attack like this can be painful for a vendor and it customers,” Charles King, principal analyst at Pund-IT, told the E-Commerce Times. “The first order of business is to get things up again and be sure it doesn’t happen again. Sony hasn’t been able to do that. If another hack comes on the back of what’s happened, it not just painful from a PR standpoint — it raises questions about their ability to manage their infrastructure.”
Sony not only has to patch up holes in its networks and strengthen its security parameters, but also patch up its customer relationships and regain trust.
“You have to think that if this goes on for much longer, there will be questions in people’s minds about staying with them,” said King. “We’ve seen other classic security lapses such as TJ Maxx. They suffered in the short run. But I can’t think of any company that has suffered the ongoing breaches that Sony has. Customers will have questions about how long they can stay before exiting and going with someone else.”
Nearing the Last Straw
If hackers land another successful attack, then things could get very bleak for Sony.
“Another breach right after the last one could doom their e-commerce business,” Carl Howe, director of anywhere consumer research at the Yankee Group, told the E-Commerce Times. “It’s a bit like a bank recovering from a robbery. If they get robbed again the week after they reopen, I think customers are going to be afraid to keep their credit cards there.”