Risk Insights

Time is the best healer for Sony Playstation 3 bug

John — Wed, 03 Mar 2010 13:38:25 +0000

A GLITCH in the PlayStation3 which prevented users from connecting to the PlayStation Network and playing most games has been fixed without any intervention from Sony. The bug materialised when the PS3’s internal clock had problems switching dates from Feb 28 to March 1, wrongly believing 2010 was a leap year. However, because the non-existent Feb 29 has passed, the PlayStation3 glitch can be easily fixed by syncing your date and time from the XMB interface. The bug didn’t affect the newer “slim” PlayStation3 models that were launched last year.

For those interested in managing risk there are many questions here – why was the bug not discovered earlier, and if it can happen to the Sony PS3 with 40 million units sold, what else could be similarly impacted? This second question goes beyond games machines and consumer electronics; internal clocks are embedded in a vast range of equipment nowadays.

It also raises the questions regarding Sony’s reputation for quality, about Japan’s manufacturing reputation, and how to crises communications are impacted by new social media such as Twitter and Facebook, and the role of ‘unoffiical sources’ such as tech blogs not just in covering the story but also in their resources to identify both the problem and solution.

17-year-old Microsoft vulnerability patched at last

John — Sat, 27 Feb 2010 21:07:56 +0000

A 17-year-old vulnerability that dates from the days of DOS is being patched in Microsoft’s February security update. I guess eventually is better than never but it highlights the importance of applying other risk mitigation options, such as:

Use a firewall
Be suspicious of unsolicited e-mails bearing attachments
Use security software that can tackle viruses and spyware
Apply operating system updates as soon as they become available
Keep your browser up to date

Cyber attacks: the cost of spam and hacking

John — Mon, 22 Feb 2010 13:25:43 +0000

Forty-three per cent of the 2,100 businesses surveyed by computer security firm Symantec all lost confidential or proprietary data during 2009, and that 75 per cent of the businesses polled experienced some type of cyber crime in the last 12 months. In order to quantify the cost, Symantec asked companies to look at a range of factors which negatively impacted them as a result of cyber crime – such as lost revenue, loss of customer relationships and damage to their firm’s brand. This came out at a mean average of £1.2 million per company.

Study Highlights include:

Forty-two percent of enterprises rank cyber risk as their top concern, more than natural disasters, terrorism, and traditional crime combined.

On average, IT assigns 120 staffers to security and IT compliance. Enterprises rated “better management of business risk of IT” as a top goal for 2010, and 84 percent rated it absolutely/somewhat important.

Every enterprise experienced cyber losses in 2009. The top three reported losses were theft of intellectual property, theft of customer credit card information or other financial information, and theft of customer personally identifiable information. These losses translated to monetary costs 92 percent of the time. The top three costs were productivity, revenue, and loss of customer trust.

The report also hightlights that enterprise security is becoming more difficult due to a number of factors. First, enterprise security is understaffed, with the most impacted areas being network security, endpoint security, and messaging security. Second, enterprises are embarking on new initiatives that make providing security more difficult. Initiatives that IT rated as most problematic from a security standpoint include infrastructure-as-a-service, platform-as-a service, server virtualization, endpoint virtualization, and software-as-a-service. Finally, IT compliance is also a huge undertaking. The typical enterprise is exploring 19 separate IT standards or frameworks and are currently employing eight of them. The top standards include ISO, HIPAA, Sarbanes-Oxley, CIS, PCI, and ITIL.