Sony Knew About Security Vulnerability Before Breach

By Chris Heller • December 13, 2014

Really? This has us scratching our heads….no editorializing necessary.

An audit by PriceWaterhouseCoopers over the summer warned Sony – “Security incidents impacting these network or infrastructure devices may not be detected or resolved timely.”

The audit, performed by PricewaterhouseCoopers, found one firewall and more than 100 other devices that were not being monitored by the corporate security team charged with oversight of infrastructure, but rather by the studio’s in-house group, which was tracking activity on logs.

Auditors found that since transitioning from a third-party vendor in September 2013, Sony Pictures had failed to notify the corporate security team to monitor newly added devices, such as web servers and routers. Studio management told the auditors its corporate security team is focused on bolstering devices on the perimeter of Sony’s networks and that it hasn’t applied “the same level of rigor” for other, non-security devices such as routers and web servers.

THIS IS PRICELESS….the irony is that the confidential report was among Sony’s General Counsel Leah Weil’s email correspondence,which hackers released to public file-sharing networks earlier this week. It included recommendations for bolstering security.

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Start your free demo

"Learn how you can reduce risk with rapid threat protection, audit response and access control. All from a single, comprehensive platform"

Trusted by hundreds of leading brands