Business should learn from Sony’s catastrophic data breach

As Sony attempts to deal with the hacking attack that saw the data on its 77 million customers stolen, analysts are warning that the case should be used by companies to secure their own infrastructures.

Sony's PlayStation Network and Qriocity servers were down for six days before the company admitted that it had a problem.

Now, as more details have emerged (and the first lawsuit filed), organisations should look at their own security arrangements to avoid the same fate.

"A problem such as this needs to be dealt with at the highest levels of management," William Beer, director of OneSecurity at PwC, told V3.co.uk.

"An event like this has a serious impact on a company's reputation and stock price. You need senior executives onboard from the start to deal with the problem."

Beer suggested that companies should run simulations to develop plans for dealing with such an outage, from assigning network responsibilities to deciding who will speak to customers via the press. A breach notification should also be prepared.

Several security firms have pointed to the lack of encryption used by Sony on basic customer information, but technologies like encryption should not be overestimated and could in fact be a disadvantage, according to Beer.

"Encryption can help, but it can also introduce complacency," he said. "For example, my work laptop is encrypted. But that doesn't mean I should leave it in the boot when I go out."