by xnull2guest
4163 days ago
I agree that all security is a cost-benefit tradeoff. This is of course folklore wisdom. The importance with regard to the SONY case is that SONY was not the victim of an opportunistic attack but was targeted specifically. In this case, it is highly likely that SONY did invest in training its employees in corporate policy and security awareness (at least as much as any other corporation). I have trouble thinking of a cost-effective way that SONY could have prevented #GOP from getting in. IMO SONY had two failures: 1.) The hoarding of data. Again I don't think that this is uncommon. I would expect to see this at pretty much any company of their size. 2.) The lack of an ability to respond to the APT once it was discovered. This is extremely tricky business, but a critical piece of security. It is common now for businesses to assume that they have been compromised and to build out the capability to recover and isolate issues as quickly as possible. Unfortunately for SONY, all of their data had been exfiltrated out of the network by the time they knew there was a problem.

Amazon, Google, etc. are specifically targeted all the time. What's different?