IT Security Guru

Sony spends $15 million on security – industry views

by The Gurus
February 4, 2015
in Opinions & Analysis

News emerged this morning from Sony that it plans to spend $15 million on cyber security defences, only months after suffering a devastating cyber attack.
 
The financial statement says that Sony Pictures has a forecast of 890 billion yen ($7.6 billion) in total sales, suggesting that $15 million is a tiny outlay on defences against an attack that closed the company down and forced employees off corporate networks and onto pen and paper.
 
Andrew Barratt, European managing director of Coalfire, told IT Security Guru that the amount is a “painfully small amount when you look at a company that generates billions ($) in revenue per year”, and he suggested that $15M out of $8BN is less than one per cent.
 
So how much can you spend to get yourself out of danger? Is that even possible? We asked some industry minds what they thought of the news.
 
 
Andrew Kellett, principal analyst, security at Ovum
 
“Several horses have already bolted, but to continue with that analogy, Sony failed to repair the fence after the first one escaped and the security vulnerabilities remained. Beyond that the “spend more on security” approach has to be seen as reasonable.
 
“Our research shows that just over 50 per cent of organisations have plans to spend more on security this year, 40 per cent plus will spend at least the same. Only seven per cent think they can afford to spend less and I would really like to know who they are.
 
“That said, Sony also needs to focus spending on their security intelligence and security management activities to try to ensure that the embarrassing elements of the last security breach are not repeated.”
 
Russ Spitler, vice president at AlienVault
 
“Sony Pictures had a gross revenue of $8B for the fiscal year of 2014.  Assuming this $15M number is a quarterly budget and not a one-time cost, that brings their projected annual cyber security budget up to $60M for 2015. With the assumption of about 3.5 per cent of revenue spent on IT (according to Gartner) this means they are spending $60M out of a total IT budget of $280M bringing them to about 20 per cent of their IT budget spent on security.
 
“This is in line with the best out there (financial services), if it is a one-time cost then they are spending about five per cent of their IT budget on security which is the industry average (also according to Gartner). However, when increasing spending then other issues may arise as Sony tries to expand its internal expertise.
 
“It is a great start, however it is not an indicator that they will be able to successfully migrate that transition. They obviously have a big hole to dig out of and a lot of technology to get in place, but you would hope of all the executive teams out there, this one knows the personal price of poor security and has good motivation to see this effort through.”
 
Dave Larson, CTO at Corero
 
“Organisations like Sony that rely on conducting their business online must respond to this escalating cyber threat proactively, with dedicated solutions for proper mitigation. Specifically, investing in proactive technical defences against DDoS attacks and cyber threats to prevent attackers from achieving their goal of disrupting or compromising the business should be a key driver in cyber security spend within the organisation.
 
“Beyond the investment in security solutions, reactive response plans should be developed and put in place to minimise the disruption caused by an attack that penetrates your defences – or is suspected of compromising your systems.”
 
Rob Sobers, director at Varonis
 
“There are certain technology problems that you can simply throw money at. For example, if you want to make your server run faster, you can load it up with the best solid-state drives and gobs and gobs of RAM. Voila! Faster server.
 
“You absolutely cannot, however, buy security. Investing in security technology and in staff is extremely important, but behind that investment needs to be a sound methodology for protecting your company’s data. Time and time again we see companies with excellently equipped security teams fall victim to very basic, unsophisticated vulnerabilities, like accidentally emailing a sensitive file to the wrong person.”
 
Bob Tarzey, analyst and director at Quocirca
“According to the figures, the remediation costs are dwarfed by expected loss of sales. That said, it is not clear what the “remediation” costs are for, is this just clearing up the mess or actually improving security? Anyway, it may be closing the stable door after the horse has bolted, but then if you are planning to buy another horse, it still needs doing.”
 
 
TK Keanini, CTO of Lancope
 
“The cost of this incident was massive and $15 million is a good start when you consider a single movie may cost much more than this to produce. Let’s not forget that this is just Sony Pictures, there are also loose ends to shore up across the PlayStation Network as it was down during Christmas Day as folks tried to play their new games.
 
“Businesses worldwide need to stop and really pay attention to what happened here from a business perspective. Consider the threat and ask yourself what you have in place today to ensure business continuity when this inevitably happens to you.  We as a business, as partners, as consumers are all facing a very real threat and all must do our part to raise the cost to these adversaries.”
 
 
Mark James, security specialist at ESET
“Having the money available is great, but it needs to be used in the right way and that includes making sure staff are educated on good policies and practices – just throwing huge sums into security is only one part of the solution. It is good to see them investing in securing our data, as long as a good portion of this money is being invested in staff training and education along with making sure that data is properly encrypted and continually monitored.
 
“Whilst £15m seems a lot of money, when you take into account their earnings for the year it is a relatively small amount but nonetheless makes a very good statement of their intentions, and as Sony relies on its customers to make its money, protecting our data should be one of its most important jobs.”
 
Tim Erlin, security researcher at Tripwire
 
“When it comes to security, the proof is in the pudding. $15M is just a number, and it could be spent on techie toys as easily as on foundational controls. It will be a long time before we know if their response was effective or not.
 
“While the number may or may not be accurate, it’s useful for the industry as a whole to see what cost an organisation like Sony puts on this kind of incident.”
 
Martin Lee, cyber crime manager at Alert Logic
 
“Published incident costs are only part of the whole cost. Companies need to consider the indirect costs of loss of reputation following a breach and the loss of sales as consumers and partners prefer to take their business to organisations that are perceived as being at lower risk.
 
“Spending a fraction of the amount that may be spent dealing with a major breach on monitoring and rehearsing the response to a breach means that when an attack is successful, the company is prepared and the incident is resolved. Otherwise, we risk spending more and more money fixing issues long after they’ve been exploited and clearing up the mess. The only people that will win in this scenario are the attackers, and the incident responders.”
