GL BAJAJ

Institute of Management and Research

FIND YOUR SPARK

Approved by AICTE, Ministry of HRD, Govt. of India

(Subject Name: Information System for Business) Subject Code: PG-18

Term- I PGDM Batch 2022-24

Submission Date: 20.09.22

Submitted by: Submitted to:

Name: Anisha Arora Mr. Alok Bhardwaj

Ayush Raj

Naman Kumar

Riddhi

Surya Prakash

Section: B
 Case study analysis

 From the case, we can see that Sony had a few issues that led to a security gap.
According to the complaint, Sony has an inadequate firewall system, which is
important for shielding the business from online attacks. Anyone using the company's
gaming platform is at risk because Sony did not apply data encryption on the stored
plain text information.
 In terms of management considerations, they opt not to take the necessary actions to
improve their system.
 According to organisational considerations, it may appear that the business focused
solely on market expansion while neglecting to improve the security service it offered
to both clients and employees.
 The attack was essentially made possible by Sony's obsolete system software due to
technological issues.
 The database system was not properly secured by encryption measures.
 Even worse, the possibility that users' personal information and credit card numbers
were compromised will deter additional people from utilizing the network.

I think there are several options Sony can select from that can greatly improve their security,
starting with making an investment to update their necessities like encrypting the data at their
disposal, and making sure that their permission levels are fixed so that no one else can access
their files. These are some strategies that, in my opinion, will be very beneficial to Sony if
used, but, as was previously stated, improving security starts with having a competent
security team.
Answer 1
One of the most well-liked gaming platforms for online players was Sony PlayStation
Service. 130 servers are spread out globally. A technique was played by some hackers in
2011 to get access to the server and steal data. The following list of Sony flaws led to the
security breach:

 Sony management failed to foresee a number of well-known security risks.

 Sony refused to invest in resources with improved security measures.
 Instead, the corporation employed a large number of technical personnel but lacked
enough training and was negligent regarding potential assaults.
 Sony utilised out-of-date software that was attackable
 Sony was utilising an outdated version of the Apache web server.
 Their website's firewall protection was inadequate.
 Sony didn't worry about data encryption and saved information in the open text.
 Another flaw is that Sony's IT infrastructure was inadequate, including its use of
shoddy firewalls and the absence of encryption services for critical data.
 A firewall prevents access to information outside the network while securing
information inside. Any data inside the network can be readily accessed and altered if
the firewall is weak.
 Even via their emails, they didn't personally connect with them. Instead, they made
use of blogs, which are not suitable mediums for sharing such sensitive material.
 Sony took some time to shutter its systems after learning of the attack, giving hackers
enough opportunity to steal information.

Answer 2
The big security attack on Sony PlayStation Service is not an accident. A structured, well-
thought-out, and researched strategy was used to take control of the system. The Sony
technical staff was less knowledgeable about the Play Station Network (PSN) system than the
hackers.
  Management Factors
 The administration fails to take the proper actions to modernise the system.
 The management ought to have been aware of the hacking attempt before it happened.
 Being in management is not only difficult, but they also need to be capable of making
good decisions.
 A safe, up-to-date system might reduce our clients’ headaches, ensuring the stability
of our business.

 Organizational Factors
 The company is an ecosystem that includes all of the management, technical staff,
and customers.
 Customers acting on their behalf must have known about potential security threats
and should have taken precautions.
 The company should have included the bare minimum of security protections given
that online gaming is its primary focus.
 The company should focus on improving service quality and security in addition to
market expansion.

 Technological Factors
 The Sony Company’s usage of out-of-date system software facilitated the attack.
Encryption safeguards were not used to properly secure the database system
 The system isn’t even smart enough to figure out what private information was taken.
The deletion of the log file indicates that the file permissions were not correctly
specified.
 I believe that grand theft is not accomplished quickly. In order to notify management
and relevant authorities should have some kind of alert feature.

Answer 3
The business impact of the Sony data losses is Sony shut down its entire globe play station.
For a company like Sony which has high customer belief and daily customer engagement,
shutting down a system for a few hours means a very high level of customer dissatisfaction
and diversion.
The impacts are listed below:

 Sony has to shut down the entire globe PlayStation network.

 The attack caused the deletion of many files and hide its information.
 The shutdown of the online system is a long-term impact on its goodwill.
 Customer lost their personal information.
 Sony lost its value and positing in the market.
 Customers who were fond of playing games felt disappointed.
 Customers losing their credit information could have a loss on customer account
balance too.

Answer 4
Sony, if analyzed and investigated the great attack thoroughly would find the possible
weakness and the dark side of its system. The report could suggest preventive measures
which may include but are not limited to:

 Investment in resources for Strong Security

 Encryption of data needs double the resources, not limiting the resources and
implementing the encryption would help them
 Sony need a strong firewall with a better access policy to protect against external
access to their system.
 The use of outdated software is really a security threat and even a child will suggest
updating the software to the latest version and releases that might have improved
security and bugs.
 It won't harm if the Sony Company make some automatic alert mechanism in case of
attack or security breach so that technical person could make some preventive
measures.
 The file permission, logging and mirroring should be managed well so that deletion of
some files would not harm to great extent.
 Conclusion
A well-known brand Sony was hacked and lost all data of its users including personal and
login information. Reasons why they use outdated security systems, weak encryption,
organizations, people and technology play a big role in data loss. It also disappoints users
who fear the impact of server shutdowns, value and positioning, loss of user trust, bank
balances, personal information, and users who play regularly. To avoid this kind of trouble,
companies should ensure high security, invest in security systems, have the right technical
teams to verify unknown activities, and monitor hackers to steal data and act accordingly.