Leaked emails show how terrible Sony is at cybersecurity

You might recall that several years ago, Sony’s PSN was hacked and while your first thought might be that it isn’t Sony’s fault but the hackers’, it turns out that Sony was to blame due to poor security which also landed them in a spot of trouble as they were slapped with a fine due to the poor security. Well as it turns out it looks like Sony did not learn their lesson, either that or someone forgot to tell Sony Pictures that maybe they should pay more attention to their security. 

Even before the epic attack on its systems at the hands of the Guardians of Peace, Sony Pictures Entertainment (SPE) was having to put out a not insignificant number of digital fires. That’s according to a leaked security audit in the files nabbed in November. In a 25 September letter delivered to Jason Spaltro, senior vice president of information security at Sony Pictures, it’s noted that Sony’s Global Security Incident Response Team TISI +0.76% (GSIRT), which monitors systems across the entirety of the electronics business for threats, “escalated 193 security incidents to SPE Corporate IT” between 1 September 2013 and 30 June 2014. One more was escalated – IT speak for informing a department that they need to look into an attack or other security issue – to Internet Systems Technology, a unit within the IT department at Sony Pictures. An alert on one other potentially serious issue was delivered to the Imageworks team.