Information security expert John DArcy, assistant professor of information technology management at the University of Notre Dame, says this weeks hacking attack on Sony Corp. is yet another example of the significant information security threat that affects almost all businesses.
The group of hackers, which calls itself LulzSec, posted Sony network plans and code, the latest in a string of attacks in the last few months. In April, the Japanese technology and media giant was forced to shut down servers that hosted its PlayStation Network service after it was discovered that it had been hacked and the personal information of 100 million customers had potentially been stolen.
It seems Sony has become the laughing stock of the hacking community, DArcy says. Sonys damages total more than $172 million, which really speaks to the fact that security is no longer simply a technical issue that should be delegated to IT personnel. It has become a general business and risk management matter that should concern management at top levels of the organization.
Right now, Sony is suffering from major financial and reputational damage, he says. Moreover, as expressed in the hackers messages, there is little that can be done by law enforcement and the FBI to help with the situation. Given the ease and anonymity with which these hacks can be conducted, as well as jurisdiction issues that prevent U.S. law enforcement from pursuing certain international hacking groups, it is likely that the bad guys will remain in the drivers seat for the foreseeable future.
DArcy conducts research on information security and computer ethics. In recent papers, he has examined the effectiveness of procedural and technical security controls in deterring computer abuse. His research also investigates individual and organizational factors that contribute to end user security behavior in the workplace.
Explore further: ND Expert: WikiLeaks points out danger of insider threats to information security