Millions of Sony’s on-line customers data was at risk following the attack on their Japanese firm’s on-line video games network.  Barracuda fell to a SQL injection attack on their corporate web site having placed their web application firewall in passive mode in order to undertake maintenance.

Says Tankard, “One would certainly hope that the very basic need for data encryption had been in place.  However, encryption alone is simply not enough.

“Had these companies had robust and security in-depth systems they would have definitely been alerted to abnormal activity taking place and been able to investigate, even prevent, the attack.”

Digital Pathways specialises in the installation of SIEM (security incident & event management systems) and works alongside Trustwave and Alien Vault, both industry acknowledged security in-depth systems.

“Those companies who collect sensitive data have a considerable responsibility to ensure its protection and they simply are not doing so.  Any company holding data should have it properly encrypted, logged, audit trails and SIEM systems in place.  

“Data holders need to wake up to the need for security  in-depth management.  Attacks such as those we have seen recently are not going to go away - in fact, they will increase.   Security in-depth must become a priority for any data holding company.”