????這種公司結(jié)構(gòu)并非索尼公司所獨有,，但它有助于解釋索尼為何在2011年遭遇這樣的挑戰(zhàn)后，仍沒有做好更充分的準備以避免在2014年重蹈覆轍,。安全公司vArmour的首席執(zhí)行官蒂姆?伊德斯表示：“大多數(shù)機構(gòu)都是孤島式的,。他們需要更好地在各個部門和供應(yīng)鏈之間分享安全問題的解決方案，并展開更有效的合作,。如果索尼這么做了,，它就會更加強大?！?/p>

????問題在哪,？米里夫斯基表示，在2011年被黑客襲擊后,，索尼沒有足夠迅速地處理組織結(jié)構(gòu)問題,。他說：“從那時起，他們的首席信息官就應(yīng)該在全公司推行防護措施,，加強員工的信息安全培訓,，這些應(yīng)當成為公司上下的標準化培訓內(nèi)容。就面向大眾的PlayStation Network而言,，索尼采用了完全被動的防護措施——‘我們在X點被Y攻擊了,，所以我們用各種工具來強化X點，避免讓與Y類似的攻擊再次得逞,?！@完全是被動防御，而不是主動防御,?！?/p>

????對于索尼這樣的大公司而言，做好防御尤其困難,。伊德斯表示：“索尼可以被攻擊的面很廣,，需要大量投資和時間來部署防御，這的確令人遺憾,?！?/p>

????米里夫斯基稱，在最近的黑客攻擊中泄露的電子郵件通訊,，證明索尼影視娛樂公司沒有采取足夠措施來防范網(wǎng)絡(luò)釣魚攻擊和遠程訪問木馬,，沒有有效的密碼管理策略，也沒有恰當?shù)剡M行加密,、數(shù)據(jù)儲存和備份操作,。

????米里夫斯基表示：“最后，索尼影視娛樂公司等于是門戶大開,。他們很可能只是裝了個防火墻和殺毒軟件,，然后告訴他們的首席信息安全官‘這里一切安全’——如果真的有這類對話的話,。如果索尼影視娛樂公司有恰當?shù)拇鎯刂啤⒙┒丛u估和員工培訓機制,，首席信息安全官本可以知道得更多,。”

????帕切特表示,，拜平井一夫的領(lǐng)導和安德魯?豪斯重新?lián)嗡髂犭娔X娛樂公司總裁和集團首席執(zhí)行官所賜，索尼的內(nèi)部協(xié)調(diào)已經(jīng)得到了改善,。比如,，索尼影視電視公司目前就正在為PlayStation Network拍攝原創(chuàng)實景真人系列電視劇Powers。然而,，市場調(diào)研公司Digital World Research的首席執(zhí)行官P. J. 麥克尼利表示：仍處于萌芽期的部門合作尚不足以阻止近來針對索尼的網(wǎng)絡(luò)攻擊,。

????2011年，索尼電腦娛樂公司做出了大量努力來贏回其游戲消費者的信賴,。如今,，索尼借PlayStation 4在游戲主機市場取得了對微軟和任天堂的領(lǐng)先。麥克尼利說：“消費者在這方面很容易原諒,，因為到頭來這只是個娛樂產(chǎn)品,。在（2011年5月）打好補丁，PS主機平臺網(wǎng)絡(luò)重新上線后,，消費者回歸的速度讓我感到十分驚訝,。消費者已經(jīng)開始接受這樣一個事實：我們所在的是一個全新的世界，黑客攻擊總是難免的,?！?/p>

????專家也承認，盡管由于最近的被黑事件,，索尼蒙受了名譽損失,，但它不是唯一一家由于這類問題而陷入危機的公司。

????麥克尼利問道：“如今真的有公司能保證自己不遭受黑客攻擊嗎,？我們現(xiàn)在親眼看到,，黑客能攻破大型公司和零售商。每個人都是黑客的目標,。黑客的行為已經(jīng)有了真正的轉(zhuǎn)變,，他們不再像10年前那樣通過在特定節(jié)日發(fā)送病毒郵件來博取頭條，如今他們正試圖竊取個人數(shù)據(jù)和信息,?！?/p>

????聯(lián)邦調(diào)查局網(wǎng)絡(luò)安全部副主任約瑟夫?德馬雷斯特于本月早些時候?qū)鴷硎荆?0%的公司都無法抵御索尼影視娛樂公司遭受的攻擊。

????米里夫斯基說：“我同意這個比例,。但真正的問題是如今的安全態(tài)勢和員工培訓,。索尼影視娛樂公司最大的弱點在于員工,。如果你不能加強員工培訓，讓他們改善自己的行為,，那么除了等著被黑客再次成功入侵,，你還能指望什么？”（財富中文網(wǎng)）

????譯者：嚴匡正

????This type of corporate structure is hardly limited to Sony, but it helps explain why such a challenging period in 2011 didn’t better prepare the company to avoid a similar scenario in 2014. “Most organizations are in silos,” says Tim Eades, CEO of the security company vArmour. “They need better sharing and collaboration solution in security between their divisions and their supply chain. If Sony had that, it would have been stronger.”

????The problem? Sony didn’t address its organizational issues fast enough after the 2011 hack, Miliesky says. “From that moment on, their CIO should have implemented corporate-wide protection measures and beefed up info-sec training for employees that would be standardized across the organization,” he says. “The tools and techniques they decided to use to protect the public-facing PlayStation Network was a reactive approach—’We were attacked at point X by Y, so let’s defend point X with tools to stop successful exploitation by these kinds of Y attacks.’ It was completely reactive, not proactive.”

????It’s a particularly knotty issue for a company as large as Sony. “The attack surface that Sony has is vast and requires significant investment and, unfortunately, time to deploy,” Eades says.

????The email correspondence that leaked in the wake of the recent hack showed that Sony Pictures Entertainment may have been operating without adequate protection against phishing attacks, remote-access Trojans, password management policies, proper use of encryption, data storage, and backups, Miliesky says.

????“Ultimately, SPE was wide open,” Miliesky says. “They probably had a firewall and antivirus and told their CISO ‘everything is safe and secure over here,” if that conversation even happened. A proper inventory control, vulnerability assessment, and employee training at SPE would have revealed much to the CISO.”

????Sony has improved its internal coordination, thanks to both Hirai’s leadership and the return of Andrew House as president and Group CEO of Sony Computer Entertainment, Pachter says. For example, Sony Pictures Television is currently filming the original live action television series, Powers, for the PlayStation Network. But the budding synergy between divisions wasn’t enough to stop the most recent cyber attack against Sony, says P.J. McNealy, CEO of the market research firm Digital World Research.

????In 2011, Sony Computer Entertainment worked hard to win back the trust of its gaming customers, and today it leads both Microsoft and Nintendo in the gaming console market with its PlayStation 4. “Consumers are quick to forgive on this front because at the end of the day it’s an entertainment product,” McNealy says. “I was surprised at how quickly the user numbers spiked back after the patch was fixed and the network went back online [in May 2011]. Consumers are accepting that this is the new world we live in, where hacks take place.”

????Experts agree that while Sony’s reputation is suffering in the wake of the most recent attack, it is hardly the only company at risk from such issues.

????“Can any corporation really firewall itself to be invulnerable to attacks today?” McNealy asked. “We’ve now seen hackers breach major corporations and major retailers. Everyone’s a target for hackers. There’s been a real shift in the hacking community from unleashing viruses through emails on select holidays to attract headlines 10 years ago, to trying to grab personal data and information.”

????Joseph Demarest, assistant director of the cyber division of the Federal Bureau of Investigation, earlier this month declared to members of Congress that 90% of businesses could not have stopped the Sony Pictures Entertainment attack.

????“I agree with that number,” Miliefsky says. “But the real issue is today’s security posture and employee training. The biggest weakness at Sony Pictures Entertainment was the employees. If you can’t train them to behave better, then what can you expect but another successful breach?”