Sony's IT department

[Perrine]

... Or both?

 

Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?

What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it.

http://www.huffingtonpost.com/2011/06/02/sony-pictures-hacked-lulzsec_n_870615.html

[APDrone]

Since Sony is a publically traded company( Corporation ), any expense in IT/IS that does not generate additional revenue will be avoided like the plague unless it can be proven, beyond any doubt, that there may be more pain if such an expense is not taken.

I suspect they'll have some capitalizable projects in the works for the short term.

[Vulcan]

What they got hit with is pretty easy to mitigate.

Most likely they went with a certain brand of network equipment as an 'end to end solution' that begins with "C". Unfortunately that brand's security solution is renowned for being absolutely rubbish.

[Reschke]

They sound a lot like some of the other companies I know of.

[Babalonian]

I'm not surprised at all, and neither should anyone else that's had experience with SOE (Sony Online Entertainment) in the past... and they've been around setting their company's standard for a very very long time.  Would be nice if someone did actually do something that finally got them to change a few if not many of their ways, but I wouldn't hold your breath for that to finally happen tomorrow after the last 15 years.