Information security expert John D’Arcy, assistant professor of information technology management at the University of Notre Dame, says this week’s hacking attack on Sony Corp. is yet another example of the significant information security threat that affects almost all businesses.
The group of hackers, which calls itself “LulzSec,” posted Sony network plans and code, the latest in a string of attacks in the last few months. In April, the Japanese technology and media giant was forced to shut down servers that hosted its PlayStation Network service after it was discovered that it had been hacked and the personal information of 100 million customers had potentially been stolen.
“It seems Sony has become the laughing stock of the hacking community,” D’Arcy says. “Sony’s damages total more than $172 million, which really speaks to the fact that security is no longer simply a technical issue that should be delegated to IT personnel. It has become a general business and risk management matter that should concern management at top levels of the organization.
“Right now, Sony is suffering from major financial and reputational damage,” he says. Moreover, as expressed in the hackers’ messages, there is little that can be done by law enforcement and the FBI to help with the situation. Given the ease and anonymity with which these hacks can be conducted, as well as jurisdiction issues that prevent U.S. law enforcement from pursuing certain international hacking groups, it is likely that the bad guys will remain in the driver’s seat for the foreseeable future.”
D’Arcy conducts research on information security and computer ethics. In recent papers, he has examined the effectiveness of procedural and technical security controls in deterring computer abuse. His research also investigates individual and organizational factors that contribute to end user security behavior in the workplace.
Media Advisory: D’Arcy’s comments may be used in whole or in part. He is available for interviews and can be reached at 574-631-1735 or firstname.lastname@example.org