Iain Thomson reports that past decisions by Sony may have come back to bite it:
[…]
As a result of those spending cutbacks, we’re told by sources, IT budgets were sharply reduced, finance functions were outsourced, and belts tightened in the theatrical and home entertainment departments. Some 800 people were made redundant between 2009 and 2013. Loeb sold off his Sony stock in October this year.
Whether or not the cost cutting dented Sony Pictures’ abilities to defend itself from hackers, it seems from the leaked files that the biz employed 11 people – mostly managers – out of several thousand to maintain its computer security, according to ABC News’ media blog Fusion. The size of the team and the fact that passwords were listed unencrypted in files named “passwords” is worrying to some.
“The real problem lies in the fact that there was no real investment in or real understanding of what information security is,” one anonymous ex-employee is quoted as saying.
According to CIO Magazine in 2007, auditors pointed out a year earlier that Sony Pictures had a crap approach to passwords and access controls, but the concerns were dismissed by Sony execs because requiring staff to memorize complex passwords was too much – “let them keep using their terrible passwords,” in other words.
Read more on The Register.