Sony has recently experienced what is shaping up to be the most disruptive and dangerous public cyber-attack to date. According to Sony, they discovered their PlayStation and Qriocity networks had been compromised on Tuesday, April 19. The following day, Sony took steps to bring these networks offline, leaving millions of gamers isolated without access to online play or any of the other offered online services. It was two days later before Sony issued a public statement clarifying that the downtime was because of an outside incursion to their network. On April 26, the public received its first glimpse of the full extent of the damage. In a statement released on the PlayStation Blog, Sony revealed that user information, including name, address, country, email address and birthdate, had been obtained by a third party. In this statement, Sony also stated that it had no reason to believe that users’ credit card information had been compromised. However, three days later, hackers claimed to have 2.2 million credit card numbers, including CVV security codes, belonging to Sony users.
It is now a month after the intrusion and Sony is still struggling to provide users with online services. This attack underlines why online security is essential for any brand managing a user network, especially those that store sensitive information. Yet perhaps the most valuable lesson to take away from the Sony cyber-attack is crisis management. Any digital security expert will tell you that no system is unhackable. Even the most secure network can be penetrated given enough time and effort. Many feel that the frustration among Sony’s customers stems more from mismanaged PR and a general lack of information. Sony has continued to share information with users through the PlayStation Blog and has also offered other services for customers, including free identity theft protection for subscribers. However, PS3 users attempting to log on to the network received only an error message announcing that the server is currently undergoing maintenance. In the weeks following the PlayStation Network intrusion, Sony lost over $2.08 billion in stock value as investors sold in droves. This crisis is likely to change the way consumers view the brand, and it remains to be seen whether gamers will be willing to trust Sony again. Without a doubt, this cyber-attack has wreaked havoc at Sony and the aftermath is still to be determined.
Ever since the Web went 2.0 and users started liberally handing out personal information, privacy has become a hot-button issue. Mark Zuckerberg and Facebook continue to be pressed by the public and government on privacy. Even Internet giant Google faced harsh criticism when it launched the social service Buzz last year. Google admitted fault right away and released updates to address the public’s privacy concerns within a week of launch. When Google experienced an attack against Gmail, it not only provided information on the kind of attack, but also detailed steps outlining what was to be done to prevent such attempts in the future.
Digital crimes are no longer just the stuff of sci-fi movies. Today, almost everyone from the biggest brands to individual bloggers stores user data in one form or another. It could be a simple email newsletter distribution list or sensitive financial information like credit card or bank account numbers. More than ever, it is important to know that your data is secure. Sony is a cautionary tale for brands. Users expect that if they share their information with a company, every measure will be taken to protect that data and handle it in an ethical fashion. It is equally important for companies to have a contingency plan in place for how to handle an attack or misstep when one takes place. Quick communication and transparency are key when handling user privacy issues. And always, always remember that there is someone out there smarter than you. Don’t ever assume that your data is safe. Ask questions of those that manage your network and stay informed as to the security measures you have in place to protect your users’ data.
In summary, if you haven’t given any thought to your network’s digital security plan, now is the time to start. A harmful attack can tarnish your brand image just as much as it can compromise user information. Just keep the following things in mind:
1. How is the user information on your network stored and what safeguards are in place to protect it? If you don’t know, find out.
2. What is your plan if an attack takes place? Knowing how to react can mean the difference between public sympathy and scorn.
3. Be transparent. Always tell your customers how you plan to use their information, and if it is ever compromised, be sure you tell them every step of the way what is being done to prevent such missteps in the future.
Users just want to know that you have their best interests in mind when dealing with sensitive personal information. Due diligence is required to protect it, and honesty and open communication are the key when managing user expectations.

