The confession from Sony that the personal details of more than 70 million PlayStation Network and Qriocity customers has been obtained illegally by an "unauthorised person" is yet again an unfortunate instance of security policy failing. Worryingly, these instances are now commonplace and enough simply isn’t being done to pre-empt such situations.
At its core, enterprises need to re-consider the validity of data collection and accessibility. Marketing people, for example should perhaps review the amount and type of information they gather as well as how they gather it, given the level of attempts to defraud people via email. They must consider whether data needs to be stored permanently or whether it can be held temporarily. Authentication is a clear example of where the data usage requirement can be temporary.
In this digital age, given the increasing levels of cybercrime for financial gain, businesses need to take a step back and ponder whether they are moving into an economically healthy online age or whether the losses from law suits and reputation, such as in Sony’s instance now, will ultimately cripple organisations’ growth in the long term.