Poor old Sony. Getting messed around by those pesky hackers again. This time it’s Sony Pictures turn. Maybe they didn’t bother learning the lessons from the hacking of the Playstation network. I don’t mean the specifics of that hack, just that you’ve got to be always on the alert. Did Sony Pictures beef up their IT security in the wake of the Playstation hack? If so, did than keep that extra IT security capability a threats evolved?
In unconfirmed reports, the hackers seem to have got hold of some very sensitive data from Sony Pictures. Data that I would argue had no right being on a networked computer in the first place. It’s all very well having firewalls between the internet and a company's internal network, but nothing is perfect. Far better to have highly sensitive data residing only on a small number of computers, and on a completely separate network not connected in any way to the internet.
Computers are quite small these days. I’m sure an executive can fit two computers on their desk. One for everyday use, that can connect out to the internet, and the other for the high security internal network. Sorry, but no, you shouldn’t be able to access every company secret from anyway in the world. The physical security provided by the building hosting a completely separate network is probably far better than any firewall.
Companies now need to start thinking like the military. Classify data according to sensitivity. What would happen if this data was out there in the world? For the most sensitive data, put it on separate machines with no physical way out on to the internet, stopping a remote hacker getting to it. And restrict which personnel can access the data. Need to know.