Sony’s PlayStation Network breach has been the talk of the industry for the last several weeks. With the PlayStation Network back online and Sony now focusing on getting the PlayStation Store live once again, Sony has achieved great success in the last several weeks, however, they still have work ahead of them to complete before the service is running at optimal levels once again.
In light of the PSN breach, many other companies within the gaming industry has felt the adverse effects of the downtime as Capcom revealed earlier in the month that the PSN downtime was costing the company a hefty sum of money. The situation could become more severe for other companies as the gaming industry is a prime target for hackers and future attacks similar to the one Sony was a victim of.
Today, we were able to talk with Akamai – an industry leader in cloud security and battling hackers – about the PSN breach and what type of precautions other companies should take to ensure such an attack doesn’t happen to them. Kris Alexander, Akamai’s Chief Strategist for Connected Devices and Gaming, touches on the subject matter and shares insight on what can be done to prevent future attacks and new techniques to counter hackers.
Interview:
In the aftermath of the attack, was Sony's reaction proper or could the situation have been handled better? What means could have been used by Sony to avoid this hack attack or prevent it?
I can’t speak for Sony. However, this is a broader issue in the game industry. Attacks are coming more frequently, in greater numbers, and various approaches (ranging from brute force to very subtle). Gaming businesses need to approach security as an on-going proactive plan that incorporates multi-faceted defense strategies that will fight against as many types of potential attacks as possible. Malicious attackers are striking from many different areas, so gaming companies, and virtually any company that operates online needs to be prepared for the varying types of attacks.
Sony’s hack attack was a DDoS attack, which has led to a mass security breach and plagued their PSN service for several weeks now. With such a sophisticated hacking method utilized, what is the most viable option to combat such attacks and was Sony’s shutdown of their PSN service the best method to do so?
Since attacks and attack methods can vary, there is often not one best option for mitigating risks, but a combination of methods that need to be used based on the online service and situation. Think of it like a door: one lock isn't enough because someone can figure out how to break through. You need many locks and new forms of defense as break-ins become more sophisticated. We recommend our customers implement multiple technology tools to mitigate multiple risks.
Akamai uses this strategy to ensure that both our network, and the networks of our customers are not compromised in the event of an attack. For example, in Q4 2010, some retailers saw traffic spikes and having the Akamai platform in place in advance proved critical. Our customers ended up preventing $15 million in lost revenue.
With Sony now a victim to this type of attack, what steps does Sony need to take to ensure their system is strengthened to combat future DDoS attacks and what should other companies look for when setting up future or upgrading their current security system?
I cannot comment on Sony's specific situation, but I can provide examples of best practices for particular situations. Companies with an online presence need a better understanding of how cyber attacks occur, and to understand the sheer scale of the effects they can have on a business.
Has this attack revealed vulnerability for all online gaming services, in your opinion? Or has it shown that more precautions need to be taken to ensure their network is properly guarded against potential attacks?
This is a major area of concern right now, and has put the vulnerability of gaming services in the spotlight. The gaming industry has always been an attractive target because of the large online communities with personal information, the potential of gaining competitive advantages in games, and the high profile nature of many of the businesses or game titles. The gaming industry is often ahead of the rest of the software industry in terms of new technologies and business models that other companies may not see for another few years. This means that the gaming industry often encounters new risks and challenges earlier than other businesses. As obstacles become more apparent, all businesses have the opportunity to learn and be proactive in mitigating those risks.
In the case of security, the opportunity starts with becoming educated on what types of attacks your company might be most susceptible to. Any company that conducts business online is potentially at risk for DDoS or other methods of attack. And as the sophistication of hacker methods increases, so should the defense solutions that these companies utilize.
Sony utilizes Cloud based storage services for select PSN members. As of late, Cloud based storage solutions have been on the rise, however, the technology hasn’t been widely utilized due to fear of hacks and system crashes. What is being done to safeguard cloud-based storage a solution from such personal identity breaches similar to the one of Sony’s PSN?
Like the Internet, the cloud is imperfect, which is why sophisticated security solutions are imperative. Akamai’s strategy to protecting cloud-based storage of its customers includes a number of cloud storage services and platform-as-a-service customers. Many of them do leverage our security stack, which includes things like layer 7 aware, Web Application Firewalling, for instance, to stop malicious application level hacking attempts and plug vulnerabilities.
-- Follow us on Facebook for the latest news and reviews. --
Comments