Consumer Security

Sony’s Exec Changes Fail to Impress

Several weeks after the Sony PlayStation Network was brought to its knees by a massive security breach, the company has decided to clean house with an executive reshuffling.

Among the changes: Akira Sato, chairman of Sony Computer Entertainment, and Ken Kutaragi, honorary chairman, will retire, effective almost immediately. Kutaragi is leaving his position now, but will continue to serve as an advisor. Sato is leaving at the end of August.

President and CEO of Sony Computer Entertainment Kazuo Hirai will become chairman and continue to serve as executive deputy president of Sony. Andrew House, PlayStation chief executive for Europe, will step into Hirai’s shoes.

Is It Enough?

Whether these changes will be enough to mitigate the immense damages the company suffered — and caused — in the wake of the cyberattacks is unclear, to put it charitably. A more candid assessment is that it’s downright doubtful.

To briefly recap, cyberattacks launced in April forced Sony’s PlayStation Network to shut down for more than three weeks and compromised perhaps as many as 100 million customers’ personal information. The breach will cost Sony at least US$171 million, according to its preliminary financial forecast, and the tab will likely wind up being higher. Among the variable costs the company is facing: multiple inquiries from various governments, as well as class action lawsuits — not to mention the lingering ill will of its partners and customers.

Given the magnitude of this damage, its executive reshufflings appear to be a paltry response.

Sony did not respond to the E-Commerce Times’ request to comment for this story.

“In my opinion this was just a nod to the class-action lawsuits,” Hawkthorne Group CEO Mike Meikle told the E-Commerce Times. “The arguments behind the lawsuits are that Sony didn’t take security seriously enough — and that consumer data protection was particularly lax.”

If Sony were truly serious about cleaning up after this breach, more — many more — heads would roll and they would be heads found further down the food chain, Meikle suggested.

“There should be firings at the senior level,” he said — “the people who were directly responsible for these policies, or lack of policies, rather.”

Such a recalibration of the executive team should not be done for punitive reasons, but rather to ensure that such a breach doesn’t happen again, Meikle explained.

“As far as I can tell, it has been business as usual,” he said. “I am not sure what problem this reorganization is addressing or even if it is the right problem — that is, whatever led to the breaches in the first place.”

Renewed Focus

In general, companies are starting to wake up to the fact that security needs to become a C-level responsibility, said Roger Cressey, a senior VP with Booz Allen Hamilton, who served in senior cybersecurity and counterterrorism positions in both the Clinton and Bush administrations.

Whether or not one agrees with the efficacy of Sony’s management changes, “we are definitely seeing a renewed focus on the security component and a recognition of how the threat has evolved,” Cressey told the E-Commerce Times.

In short, after a period of unusually brazen cyberattacks, companies, financial institutions and governments are waking up to the fact that they need to come up with a dynamic defense approach — one that is not network-security oriented but rather cybersecurity oriented, he said. Examples like Sony show that cyberattacks can impact a brand.

“What security is coming to mean for companies,” said Cressey, “is that it is about protecting the brand as much as it is about protecting data.”

2 Comments

  • You know Sony had problems before the whole Play Station issues. They were at one time the elite electronics company. But today their image is certainly tarnished. In more ways then just the security breach.

  • Right, like some others are actually calling in as well:

    At this point we could pretend to have protections on our individul consoles that make it harder to sniff out our packets and compomise our entire home networks. It would be nice to know that some random user cant just send anything to my kids thru the message system; after having the maximum # blocked already. Mine has been asked for nude photos!!!

    We can keep pretending that these companies are getting away with it cause they can or we can wake up and NOT LET IT HAPPEN. I love the free market but just like politics in America, we have been duped into thinking we dont have the final say.

    Sony NEEDS to focus on real security for the end user now. Its great they beefed up their own servers (I guess its great, it would have been awesome to not have out of date servers to begin with), but now its time to enforce some console securities. Most people ARE NOT using their PS3 for reason of piracy. Its slow, complicated, and well, just not worth the effort ..other than twitter bragging rights(gimiie a break). However, there is a group[ out there that has defined how to sniff out connecting PS3’s and then utilize the PS3 to compromise the ENTIRE HOME NETWORK attached to it.

    So, along with the stories main focus …are we, the consumers, just going to continue to allow these things; giving the excuse ‘what can I do about it’, or are we going to start phoning these coporatews, and not their fulfillment lines but researching the actual coporate HQ # (SCEA 650-655-8000, Consumer Svcs Dir. 650-655-5920).

    Im tired of all the folk that come and blog about something but thats where they stop. Bloggin aint gonna do it. Its a start but we HAVE TO take this to the actual companies themselves …not the third party fulfillment they hire to claim deniability.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Erika Morphy
More in Consumer Security

E-Commerce Times Channels