Oh No, Not Sony Again!
Hot on the heels of its PlayStation debacle, which put an estimated 77 million users' data at risk, Sony appears to have been caught wanting again, with the news that its pictures website was taken down last night and around one million passwords stolen.
“What is absolutely shocking is that none of this data seemed to have been encrypted!” says Colin Tankard, Managing Director of data security firm Digital Pathways.
“I find it astonishing that anyone holding data, let alone a major player such as Sony, has not got even the basics of data security in place. Encryption is the obvious step everyone should have in place to protect their data at rest or in storage.”
‘LulzSec’, a team of individuals who recently managed to deface the homepage of the American education website PBS, has claimed that it broke into SonyPictures.com and compromised over 1,000,000 users' personal information. This included passwords, email addresses, home addresses, dates of birth and opt-in data associated with their accounts, as well as administration details of Sony Pictures, 75,000 ‘music codes’ and 3.5 million music coupons. LulzSec said that it didn't have enough resources to copy all the data that it was able to access, but the group did manage to grab a collection of databases that contain thousands of usernames.
“The effect of bad publicity like this on a business can be huge. Trust and loyalty, which all companies work so hard and spend so much money to achieve, can be lost just like that. And for what? The foresight and cost of employing robust encryption systems,” says Tankard.
“What organisations seem not to put in place is security in depth.” This is the model designed to alert organisations to unusual behaviour, giving them the chance to stop an attack even if one form of defence has failed.
“Should the attack break in, say, through the firewall, as was the case in the recent Barracuda incident, the next level of defence kicks in, leaving encryption as the backstop when failure to react to the situation by the organisation has happened.
“Events such as this should act as a wake-up call to all companies; get encrypted and do it now. At least if you suffer a loss the data is useless to those who steal it and customers are protected. Now that would be something to crow about.”



