The case in which hackers invaded Sony Corporation suggests that businesses should consider including strategic plans to deal with any internet-dependency risk, as well as protect private data that might interfere with their images in the market. In the 2011 issue, fraudsters targeted Sony because it had removed Linux from the Playstation 3. The company had no specific strategy to deal with the problem given the fact it took it over seven days to respond. The organization had to stop the hackers and ensure information did not flow freely but it was unfortunate, as the company sought the services of the California court because it had no capacity to deal with the hackers. The court invoked Digital Millennium Copyright Act, as well as the Fraud and Abuse Act to resolve the problem where users had lost money through fraudulent activities. Analysts noted that the company was never keen on security issues when designing the product.
Sony had to inform its clients that cyber criminals had stolen their personal data and credit card information after several days of scrutiny and evaluation. It was unfortunate because the organization could not establish the extent of theft after six days because it only claimed that customers’ birth dates, their email addresses, their nationalities, and user names were unsafe. This raised political temperatures in the United States, with a number of experts questioning the capability of the company to safeguard the interests of customers (Won-Kim and Jeong 11). Intruding into people’s private information is illegal under the US constitution because the act entails intruding into people’s privacy and secrecy. The company ought to have prevented the occurrence of crime where people lost their money to online fraudsters who exploited the weaknesses in the organization’s structures to steal from people. The hackers made sensational claims that the company conducts communication between the server and the console through a non-secure web protocol, which is further unencrypted.
In May 2011, the company guaranteed its customers that it would restore network on the play station and promised to improve customer security by developing superior technologies, augmenting supervision on the software, carrying out susceptibility testing, increasing encryption, applying additional firewalls, and adding an early-warning system for normal prototypes to facilitate detection of the violations before they occur. The company made another mistake while addressing the disaster when it responded six days later. This means the fraudsters had access to people’s information for more days given the fact thieves continued to access their purchase histories, billing information and credit card information. The company made a decision to hand over the role of detecting the extent of crime to an independent firm, but it lost loyal customers, as many of them were concerned with their safety. The organizational structures failed to prevent the interests of the company because they should have safeguarded customer data, including the credit card numbers and account passwords.
The solution to this problem is hiring the best workers that have the capability of detecting the problem early enough and dealing with it before customers lose their resources (Schermerhorn 89). For instance, the organization had to seek the services of another company to detect and stop the menace. If Sony had a security team that constantly situated at the company, it could have solved the problem earlier because their role would be to monitor security on the databases and carryout the usual maintenance exercise while updating them to prevent hackers from causing destruction. The reporting and communication structures in the company are defective as well because the management was never truthful. Adoption of corporate governance principles, such as engaging stakeholders and working closely with concerned authorities, would have solved the problem. The case of Sony surprised many people because the company was operating in the most risky industry yet it never had a security strategy to protect clients from incurring losses.
Sony came up with far-reaching measures to prevent a repeat of what happened by increasing and renovating the gaming cloud to improve customer safety, as well as detecting irregular cases. In October 2011, the hackers tried accessing the accounts of 93,000 users unsuccessfully. It went on to disable the accounts before the fraudsters could do anything harmful to them. The company had set up an effective security system that played a role in early detection. The company could have averted the 2011 situation could it have adopted the system earlier. Having appointed the chief information security officer in September 2011, the account of each client was monitored frequently. The company worked closely with the Department of Homeland Security and other industry players, such as Microsoft to help in checking the activities of hackers and shutting them before succeeding in carrying out their heinous acts. The company has taken substantial initiatives to help customers enjoy the services it offers. Sony should consider updating the security systems to avoid conflicts with the government, as it was heavily criticized of facilitating the loss of resources and interfering with personal privacy. The company lost considerable capital in terms of payment of fines and penalties for allowing loss of personal data.
Works Cited
Schermerhorn, John. Organizational Behaviour. Mississauga: John Wiley & Sons Canada, 2005. Print.
Won-Kim, Ok-Ran, and Jeong, Chulyun. “The dark side of the Internet: Attacks, costs and responses”. Information Systems 36.3 (2011):5-19. Print.