Sony facing huge challenge to keep secure as hackers seek notoriety

Hackers targeting all divisions of Sony for 'badge of honour in the IT community', according to Kevin Murray, VP, Digital Production at Columbia Records

Sony is finding it harder to thwart cyber-attacks from hackers who are seeking notoriety, Kevin Murray, VP, Digital Production at Columbia Records, told Computing in an interview.

The firm has been a victim of several high-profile cyber attacks and hacks: yesterday computer hacker group Lizard Squad claimed responsibility for taking down the PlayStation Store and PlayStation Network, while in August the PlayStation Network (PSN) was taken down by a DDoS attack. In April 2011, hackers exposed personal details about millions of PSN customers including names, home addresses and dates of birth - Sony has since been fined £250,000 by the Information Commissioner's Office (ICO).

Sony is still reeling from a cyber attack on its film division, which took place last month, with celebrity details including phone numbers and aliases being hacked.

Murray suggested that the Japanese firm is suffering because it is a "huge global media company" and has a "big target on its back".

"There are not a lot of companies that have the scope and breadth that Sony has, and so some hackers try to get notoriety - I guess it's a badge of honour in the IT community," he said.

He went on to suggest that one hack in one division of the company has opened up all of the divisions as potential targets as hacking communities become more aware of vulnerabilities.

In the UK, two men hacked Sony Music in 2011, stealing thousands of hours of music tracks including unreleased material by Michael Jackson.

"Sony is a very large company and that produces a lot of challenges on the security side of things. If you have a target on you it creates a huge challenge," Murray stated.

He then went on to discuss security at his own organisation.

"We're having to look at security on every level, not just the security team; we have to make sure that data that shouldn't be accessible outside of the company is kept secure," he stated.

Murray suggested that his organisation has to find the right balance of being secure but also enabling staff to access relevant information.

"I don't know if there is a successful strategy for locking everything down ... we're balancing ourselves from limiting access to information and preventing ourselves from being hacked," he said.