April 2011


April 29, 2011 11:50 AM | Posted by Roy Hadley | Permalink

As you probably know by now, the Sony PlayStation platform was breached and a lot of personal information was compromised. According to reports, names, addresses, birthdates, physical addresses, email addresses, passwords and credit card numbers were stolen.

While most businesses do not operate multi-user gaming platforms such as Sony’s PlayStation, this episode, along with recent others, does underscore the need for companies to understand and protect their data before a breach occurs.

From what I understand, Sony is having to rebuild the PlayStation platform from the ground up and is physically moving the facility to another location. Along with that expense and the expense of notifying affected consumers, companies must also add damage to their reputation and brand, which can be many times more harmful than direct remediation costs.

The PlayStation platform has been down for over 2 weeks. Can your business afford to be down that long?

Time.com has a good article on the PlayStation breach which can be found here.

April 28, 2011 3:01 PM | Posted by Roy Hadley | Permalink

According to a recent article on zdnetasia.com, small and medium-size businesses in the United States lost more than $11 million over the past year in online scams in which stolen banking credentials were used in fraudulent wire transfers to companies in China.

According to the article, “In most cases the criminals managed to compromise the computer of someone within a target company who could initiate funds transfers, according to a fraud alert issued by the FBI this week. The victim either receives a phishing e-mail designed to trick the recipient into revealing online banking credentials or into visiting a Web site hosting malware that steals the information from the computer.”

This is just another in a long list of scams and underscores that businesses are increasingly becoming targets and that everyone must remain vigilant.

You can read the article here.

April 18, 2011 4:58 PM | Posted by Roy Hadley | Permalink

I read a report yesterday that said that the European Space Agency (ESA) website was hacked, resulting in the disclosure of sensitive project logs and exposing hundreds of email addresses and passwords associated with some of Europe’s top science institutes.

The hacker, known by the alias TinKode, posted a full disclosure of the attack. According to the hacker, he was able to gain access to FTP accounts, database users, hashed passwords as well as SHA1-hashed server root passwords.

The hacker was also able to gain access to some of the ESA's satellite activities and calibration sources.

I think we will see more and more of this type of attack going forward. I was recently with a group of general counsels in the manufacturing space and one main point that was stressed was that espionage-type activities will continue to rise for the foreseeable future. I also advised them that they need to make certain that not only are their IT systems protected but that their IT governance and compliance models are current and relevant to the threats and to their organizations. In short, information security will be tougher to execute and will be a subject for corporate boards and C-suites.

You can read more about the situation at ESA here: http://www.zdnet.com.au/european-space-agency-hacked-339313416.htm

April 18, 2011 4:51 PM | Posted by Roy Hadley | Permalink

I will be authoring a column in Inside Counsel magazine on technology and its use by lawyers. The first article in the series is on technology risks for lawyers when traveling. The advice in the column is relevant, however, to all persons using technology such as laptops and smartphones when traveling. I hope you enjoy it.

You can find the first article, "Technology: Taking Technology on the Road," at the following site: http://www.insidecounsel.com/Exclusives/2011/4/Pages/Taking-Technology-on-the-Road.aspx

April 5, 2011 3:29 PM | Posted by John Watkins | Permalink

My article discussing the IT "management convergence," meaning the need to have common management (or at least information sharing) among IT, security, compliance, privacy and e-discovery professionals has been published in TechJournalSouth. Click here to read, and let me know what you think.
