September 06, 2011, 11:46 AM — Sony has finally hired someone as chief of security with the background to understand there is a connection between the existence of locks, barn doors and escaped horses.
Usually big companies lock the barn door after all the livestock are gone; Sony never really bothered, even after a series of attacks on Sony sites that began April 20, with a hack that took down the Playstation Network for more than three weeks.
Then there was the attack on Sony Online Entertainment Qriocity and 14 or 15 other attacks on various other Sony sites or networks, most due to Sony's decision to fix internal systems to protect its internal data, not external ones to protect its sites or customers, inability to accept responsibility for its own culpability, internal communication problems that kept it from identifying common problems, or the cost-cutting and layoffs in IT security just before the long series of hacks.
Sony lost half its stock value as the number of attacks increased and it became clear just how sketchy its idea of security really was, not to mention its minimalist approach to protecting the information of its customers.
Early on internal risk assessors published an estimate that the attacks would cost Sony an acceptable $171 million in lost business and new expenses, plus whatever would be awarded to plaintiffs in lawsuits that had not yet been filed because the lawyers putting the suits together couldn't agree on how many times to include the words "stupid" and "careless."