SONY- What's the answer?

Attacks and data exposure continue to plague SONY all over the globe.

Attacks and data exposure continue to plague SONY all over the globe. Countless articles continue to discuss the problem and then talk about how companies in general need to be more proactive with encryption": The company has warned investors that last month’s attack will cost it approximately 14 billion yen ($167 million). This will further hurt a company that expects to post a 260 billion-yen ($3.1 billion) loss in the fiscal year ended March 31 due to a one-time tax charge and the ongoing disruptions caused by the earthquake in Japan. So what lessons can be learned from Sony’s struggles? Ann Cavoukian, Ontario’s Information and Privacy Commissioner, advocates what she calls “privacy by design,” or embedding privacy into all technologies, business practices and infrastructure. “Embed privacy proactively. Don’t wait for an after-the-breach solution. Don’t wait for privacy by disaster. Do it beforehand by design,” Cavoukian tells BNN. She added that companies like Sony should automatically encrypt all customer data so that hackers won’t be able to access it even if they do manage to break into a website or network. We've said it before and will continue to say it- encryption is only effective to a point, and creates a false sense of security. Encrypted data is essentially a data puzzle that can be reversed. In this BNN article Kristine Owram concludes the piece by saying, "But as technology – and hackers – become increasingly sophisticated, will the threat of government fines be enough to protect Canadians’ privacy? Or will companies like Sony have to learn the hard way how to win consumers’ trust?" No, fines are not really enough, especially when trying to repair customer trust. You do it be showing clients, stakeholders and the industry at-large that you are truly committed by deploying multiple safeguards- especially ones like data masking that are iron clad when it comes to securing stored data. This is a new frontier of sophisticated threats against data. Businesses should not solely rely on antiquated methodologies of securing private information.