Pratum Blog

Thousands of payment card terminals became nothing more than small boat anchors last week. The card terminals became “bricks” after a cryptographic key expired. Funny thing, the key was created in 2004. This means it hadn’t been updated in 10 years. How exactly is this PCI compliant? I’m pretty sure management of cryptographic keys is required by PCI. Security of card terminals is quite often the responsibility of the terminal vendor, but organizations have a duty to perform vendor management to ensure their systems are safe. This week, ask your card terminal vendor when the cryptographic keys were last changed or updated.

The team at Integrity wishes you and your family a very Merry Christmas season. We pray that you are able to stop and reflect on this as a season of hope and will share it with those close to you.

From a personal perspective, the hack of Sony is of little consequence to me. I probably own stock in the company via a mutual fund somewhere, but any financial losses will be minimal and likely indiscernible in the grand scheme of my retirement planning. The Target and Home Depot hacks, however, were a pain in the rear. I had to change debit cards and have fraudulent transactions reversed. Yes, VISA covered the nearly $1,300 in fraudulent charges, but I still had to cancel the cards, wait for new ones and set up recurring payments to Netflix. Do you know what happens in a house with four kids who can’t get their Netflix fix?

Even though Target and Home Depot have spent or will spend millions to deal with their breaches and improve information security, I think the Sony breach is worse, and here’s why.

First, the company’s intellectual property was stolen. This impacts current and future profits, as movies and other entertainment media may not be as popular or even released as a result. The fact that Sony has halted production on several movies means thousands of people are impacted financially. The security of intellectual property is critically important to any organization that creates or develops its own "secret sauce".

Second, some reports say that Sony employees are being targeted.  Would you want to work for an organization where your employment is making you the target of threats?  For some people this is par for the course.  Law enforcement, night club bouncers and information security pros are all examples. But what about creative folks, office and clerical staff?  I’m betting more than a few have considered finding a new employer if they have to deal with this type of nonsense.

Lastly, confidential emails between studio executives that are less than flattering regarding some important people inside and outside of the organization have been released. This is simply throwing fuel on an already raging public relations inferno.

While the Target and Home Depot breaches were bad for consumers, I think the Sony hack is worse for the company.  Let this be a lesson to all.  Information security is important.  Compliance is great (HIPAA, PCI, FISMA, etc.) but security is better because it looks at your total risk and is not blinded by checkboxes.
