Better Sorry Than Safe?

<?xml version="1.0" encoding="UTF-8"?><root available-locales="en_US," default-locale="en_US"><static-content language-id="en_US"><![CDATA[<p>Like many companies, Sony has had a few awkward moments in its illustrious timeline. However, nothing can compare to what just happened.<br>&nbsp;<br><strong>Biggest Breach</strong><br>The personal data of over 77 million PlayStation users is quite possibly in the hands of hackers. The user network has been down since April 19 and is now getting back on its feet. &nbsp;Reports say the data includes the credit card details of 10 million users, but Sony says it has no information "at this time" that hackers really have got to data which they say is encrypted. The upshot is no one is sure exactly what's happened with the data but there are sporadic reports of credit card infringements. Posts on hacker forums seem to indicate they can have that encryption for breakfast. All in a day's work. &nbsp;One amazing rumor has it that hackers actually offered to sell the data back to Sony.&nbsp;&nbsp;<br><br><strong>Bowing In Apology</strong><br>With perfectly bad timing, an apology from Sony has come right after the company launched its me-too tablet, making people wonder if it was deliberately held off until then. Most think it's too little too late. If Sony thinks a "sorry" means all is forgiven, they may soon find out otherwise in court with irate customers. The Japanese-style apology by Kazua Hirai, president and CEO of Sony Computer Entertainment and other Sony execs &nbsp;looks heart-warningly humble, but the press release mostly talks about how the company has itself been the target of a cyber-attack It even says this was an attack on the entire industry – meaning not Sony's fault alone?&nbsp;<br><br>The press release focuses on the services that will be restored as the network limps back to normal. About the measures it's taken, Sony has this to say: "SNEI quickly turned off the PlayStation Network and Qriocity services, engaged multiple expert information security firms over the course of several days and conducted an extensive audit of the system. Since then, the company has implemented a variety of new security measures to provide greater protection of personal information."&nbsp;<br><br><strong>Damage Control</strong><br>One can't help wondering whether Sony could have, just as quickly, raised an alert for users to change or temporarily block the credit cards used on the network. Sure, this would have been an admission of the seriousness and intrusiveness of the attack, but an early alert would have been more responsible and concerned and would have earned more trust than talking about how extensive Sony's tests are right now. &nbsp;Investigations may help find out what happened and but they aren't going to re-secure those credit cards or prevent identity fraud. &nbsp;Complementary offerings and customer appreciation programmes seem to be winning back some customers, but a crisis like this one isn't going to be easily forgotten.&nbsp;&nbsp;<br><br><strong>Never Sleep On Security&nbsp;</strong><br>No one is hacker-proof – that much is acknowledged by everyone. How a company responds in a security breach of this proportion however, shows its values. If it had room to improve its security – and that's obvious now, after the attack – why didn't it proactively and intensively explore doing so before? As the online world gets no safer and customers trust their details to everyone doing business online, it's critical for companies to constantly look for safer ways and move quickly and effectively when that safety is compromised.<br><br>Mala Bhargava is a personal technology writer and media professional. Contact her at mala@pobox.com and @malabhargava on Twitter</p>