"We Know You Are Frustrated": Sony Restores Network, But Will Trust Follow?
All existing members on the network will have to download new firmware and reset their passwords in order to access the system. Sony is promising that it has enacted new layers of security.
As we covered earlier in this massive and unprecedented outage of a major media network, Sony was quick to offer some kind of compensation to users in the form of a "Welcome Back" program of freebies and membership extensions. As the outage lingered into May, however, the company started aiming its promises toward the real core issue, security itself. SCE said that it was going to offer its customers complimentary enrollment in an identity theft protection program. They partnered with Debix to offer its AllClear ID Plus for a year. The program will monitor the Web for instances when a customer's personal information has been exposed and a $1 million ID theft insurance policy.
The last month has been an ongoing series of executive mea culpas, including a letter to customers from Sony head Howard Stringer addressing criticism of Sony that it responded too slowly to the cyber-attacks that seemed to compromise personal data. In this restoration the company says it has put in place additional software monitoring, firewalls and vulnerability testing. They even enlisted the endorsement of security brand Symantec. "Today's cyber crime attacks are proving to be more covert, more targeted and better organized than those we've seen in years past," says Francis deSouza, SVP, President, Enterprise Security Group. "In working with Sony on the move of their data-center, it's clear they're implementing measures to reduce security risks moving forward." Sony also added a CISO post (Chief Information Security Officer).
Whether Sony had a rapid enough response to the breach, or its little freebies amounted to appropriate compensation are open questions. The real issue now is whether customers will come back into the service with a sense of trust. After all it took years for e-commerce companies to convince consumers that entering your credit card number into a secure Web site was probably safer than handing the card to a waiter or store clerk. Does an incident like this unravel that accumulated trust? Or has the digitization of e-commerce simply become so necessary and inevitable in our minds that consumers will ignore the incident and just pick up the controller and keep playing?