18 December 2014
While much has been made of the Sony Pictures hack and the damages it continues to cause to the business, my real sympathies are with the employees whose private details have been spilled out into the public domain. Whether it’s salaries, medical details or email correspondence, nobody expects to have their sensitive personal information exposed to the world.
It therefore comes as no surprise to hear that two of the company’s employees have taken legal action over their employer’s failure to protect their data, quoting the former information security director (now senior vice president of information security) who had previously told an interviewer that it was a “valid business decision to accept the risk” of a security breach rather than invest millions in preventing it.
Unfortunately, this is an opinion some businesses still have. Don’t get me wrong, it can be hard for business owners to stay on top of security, as we all have huge demands on our time and money. It’s all too easy to succumb to the ‘out of sight, out of mind’ train of thought where, unless a problem is glaringly obvious, you’re not going to prioritise it. However, with the increased threat of cybercrime these days, it’s about being pre-emptive and proactive.
The internet has experienced colossal growth. Yet, the more data we put on it, the bigger the threat of attack becomes. Business owners, including Sony, need to start looking at the teams they’re employing. If you build websites and store data, you need cybersecurity experts in your team as a matter of priority.
Back in the old days, you’d have a security team protecting your building. Nowadays you’ve got security people looking after all the precious elements of your business; your network and all the sensitive files on that network. Everyone is vulnerable to cybercrime, ourselves included. There are some incredibly clever people keeping us on our toes, so preparation – as always – is hugely important, and investment in security, essential.